What activity involves simply observing someone's screen or keyboard to get information, often passwords?

Some cyber threats to your home computer seem like they are borrowed straight out of a sci-fi or spy movie. But they are as real as can be, and while you might not know it yet, you are their target.

According to the SophosLabs 2020 Threat Report, attackers are becoming more innovative. They are exploiting vulnerabilities with a range of malware, including keyloggers.

What is a keylogger?

A keylogger is an insidious form of spyware. You enter sensitive data onto your keyboard, believing nobody is watching. In fact, keylogging software is hard at work logging everything that you type.

Keyloggers are activity-monitoring programs that give attackers access to your personal data: the passwords and credit card numbers you type and the web pages you visit, all captured by logging your keystrokes. The software is installed on your computer and records everything you type. It then sends this log file to a server, where cybercriminals wait to make use of all this sensitive information.

If keyloggers seem like Hollywood fiction, that’s because we’ve seen them on the silver screen before. You might remember Tom Cruise’s character using one in a Mission: Impossible film, and the popular hacker show Mr. Robot bases a key plot point around keyloggers.

These cybercriminals aren’t just eavesdropping on whatever you are typing. They have ringside seats.

They aren’t always illegal

Reading the keylogger definition, you might think all keyloggers are illegal.

They aren’t. They do have legitimate, useful applications. For example, keyloggers are often used by IT departments to troubleshoot problems on their systems. They can also be used to keep an eye on employee activities. And on a personal level, you can keep an eye on what your kids are up to on your computer. There are plenty of other perfectly legal use cases for installing a keylogger on a computer.

Keylogging goes south and becomes a threat if there is malicious intent. Simply put, if you install a keylogger on a device you own, it is legal. If a keylogger is installed behind the back of the actual owner to steal data, it is illegal.

Two types of keyloggers

Some keyloggers are hardware devices embedded inside the PC itself. Others take the form of an inconspicuous inline plug placed between the keyboard cable and the computer. In either case, someone has to physically plant the hardware in your PC or its peripherals, which takes a degree of secrecy if it is to be done unnoticed.

The second type of keylogger is software that can be easily installed on a victim’s device. While this software is a type of malware, it is “quiet” malware: it doesn’t damage its host. Its sole job is to snoop on keystrokes without otherwise affecting the computer. You merrily go about your business while the hard-to-detect keylogger steals personal or sensitive data, without you ever knowing.

Keylogging attack path

Attack tactics like phishing and social engineering are some of the common ways keyloggers are installed. But there is another way this software can find its way onto your computer. Imagine a scenario where you visit a file-sharing site and choose a software download. Along with it, you get something extra: your software came bundled with a keylogger. This is how a keylogger can infiltrate your “safe” computer.

How to remove a keylogger (prevention is better than cure)

Taking responsibility for your personal computer’s security is the first step towards preventing a keylogger attack. Irresponsible use of a computer is a security hazard and can put your data at risk.

Here are a few tips for keylogger removal to avoid getting sucked into the “maelstrom” of cyberattacks:

  • If you think your computer is a target for keyloggers, keep checking for unwanted software, and delete it
  • Don’t download files from unknown sources
  • While entering password info on banking sites, use a virtual keyboard; in fact, use a virtual keyboard wherever possible
  • Use a password manager, as the manager will automatically enter the password, making keystrokes redundant (no keystroke, no keystroke logging)
  • Use a powerful and next-gen antivirus and internet security suite that can keep your personal computer safe from advanced and evolved cyberattacks and identify and remove malicious software for you

A comprehensive internet security suite holds the key

With Sophos Home you get the advantage of AI-enabled security that helps protect your PCs and laptops from advanced viruses, exploits, malware, and ransomware attacks. You can get free endpoint protection for 30 days and move to Sophos Home Premium when you’re ready to upgrade.

Sophos Home’s ‘Privacy Protection’ feature protects your privacy from unauthorized intrusion and encrypts everything you type, such as usernames and passwords. It prevents hackers from capturing your sensitive data or accessing your online accounts. Sophos Home also guards your banking and credit information from malicious third parties and keylogger software.

A keylogger is a tool that can record and report on a computer user's activity as they interact with a computer. The name is a short version of keystroke logger, and one of the main ways keyloggers keep track of you is by recording what you type as you type it. But as you'll see, there are different kinds of keyloggers, and some record a broader range of inputs.

Someone watching everything you do may sound creepy, and keyloggers are often installed by malicious hackers for nefarious purposes. But there are legitimate, or at least legal, uses for keyloggers as well, as parents can use them to keep track of kids online and employers can similarly monitor their workers.

What does a keylogger do?

The basic functionality of a keylogger is that it records what you type and, in one way or another, reports that information back to whoever installed it on your computer. (We'll go into the details in a moment.) Since much of your interactions with your computer—and with the people you communicate with via your computer—are mediated through your keyboard, the range of potential information the snooper can acquire by this method is truly vast, from passwords and banking information to private correspondence.

Some keyloggers go beyond just logging keystrokes and recording text and snoop in a number of other ways as well. It's possible for advanced keyloggers to:

  • Log clipboard text, recording information that you cut and paste from other documents
  • Track activity like opening folders, documents, and applications
  • Take and record randomly timed screenshots
  • Request the text value of certain on-screen controls, which can be useful for grabbing passwords

What types of keyloggers are there and how do they work?

The term "keylogger" covers a wide variety of tools, some of which produce the same results in wildly different ways. We'll drill down into the different types and talk a little bit about how they work.

The first general category is keylogger software. These are programs that live on your device and record your keystrokes and other activity.

Perhaps the most common type of keylogger software is the user-mode keylogger, sometimes called an API-level keylogger. These programs don't have administrative privileges, but still manage to intercept information passing through the application programming interfaces (APIs) that allow applications to receive keyboard input. On Microsoft Windows, such keyloggers poll the GetAsyncKeyState or GetKeyState API functions and use a DLL to record the harvested data.

Kernel-level keyloggers are more difficult to create and install, but once they're in place, they get their hooks into the operating system itself and are more difficult to detect and eradicate as a result. At the other end of the spectrum, there are screen scrapers, which don't log keystrokes but rather use the computer's screenshot capabilities to record onscreen text, and browser-level keyloggers, which can only detect text entered into a browser form (but considering how much of our online life takes place within a web browser, that's still pretty dangerous).

In addition to keylogging software, there's also keylogging hardware, including recording devices that can be installed in the keyboard wiring itself, or a keylogging device might be built to look like a USB thumb drive and slipped into a port on the laptop or the computer. There are also gadgets that can record the Bluetooth communication between a wireless keyboard and a computer.

One particularly esoteric version of keylogger, which has been tested in the lab, is an acoustic keylogger that can determine with uncanny accuracy what you're typing just based on the noise your fingers make on the keys. Considerably simpler is the idea of third-party recording, which essentially consists of a camera surreptitiously pointed at your screen and keyboard.

All of these different kinds of keyloggers have to save that data somewhere; with hard drives much larger than they once were, it generally isn't hard to find a place to stash it. Keylogging software will occasionally send the information it's harvested over the internet back to whoever's controlling it, sometimes disguising the data to keep its activities hidden. Hardware keyloggers may be able to do this too, although sometimes their controllers must come physically collect them.

Before we move on, we should discuss one other kind of distinction we can make among different kinds of keyloggers. This one isn't about how they work on a technical basis; instead, it's about their legality. Any of the above types of keyloggers could be installed by a malicious attacker who's looking to steal your personal information or passwords.

However, when the owner of a device installs a keylogger on their own system, things get murkier. Many commercial keyloggers are marketed to parents who wish to monitor their children's online activities, and this is generally considered legal if the parents own the computers being monitored. Keyloggers are often found on computers in school or work settings as well, and in most jurisdictions in the United States they are considered legal if used for legal purposes. In other words, your boss can use data gathered from a keylogger installed on your work laptop as evidence to fire you if they discover you're engaging in some unsanctioned activity. But it would still be illegal for them to, say, harvest your banking passwords if you happen to log in to your financial institution at work.

How does a keylogger get on your system?

A physical keylogger has to be physically plugged into a computer, and so requires direct access, which is a tricky business often executed via social engineering techniques or a compromised insider.

But the most common type of illicit keylogger is the software variety, and that can best be described as keylogger malware. In fact, keyloggers, because they can harvest such lucrative data, are one of the most common malware payloads delivered by worms, viruses, and Trojans.

Thus, the way a keylogger gets onto your system is the same way any other type of malware gets onto your system, and that means that if you exercise good cybersecurity hygiene, you should be able to keep keylogger software at bay. To do that, you should:

  • Watch out for phishing emails, and don't open or download attachments if you're not absolutely certain where they came from.
  • Similarly, don't download or install applications unless they come from a trusted source. That includes browser navbars, which are a common malware vector.
  • Keep your computer safe with updated antivirus software.

How to detect a keylogger

How can you know if there's a keylogger on your system? For a hardware keylogger, of course, you should check for the hardware. If there's a thumb drive or something that looks unfamiliar plugged into your computer, investigate it. If you work on a corporate desktop, check the back panel once in a while to see if something new and strange has popped up.

With software keyloggers, there are some signs that you might be able to pick up on yourself. Keyloggers can sometimes degrade web performance, spawn unusual error messages, and interfere with loading web pages. These are all features of malware generally; sometimes you can just tell that something is "off" with your computer. Keylogger-specific signs could include lags in your mouse movement or keystrokes, where what you type doesn't appear on screen as quickly as it should. On a smartphone, you might notice that screenshots are degraded. (Yes, keyloggers can be installed on smartphones, just like any other kind of malware.)

However, if a keylogger is causing those sorts of visible problems on your computer, it probably isn't a very good one. That's not to say you won't ever be infected by a keylogger that causes those symptoms—there are plenty of cybercriminals willing to unleash quick-and-dirty "good enough" malware on their victims. But don't get a false sense of security just because your computer is working smoothly: a commercial keylogger or one implemented by a skilled criminal or nation-state hackers can do its business in the background without you ever knowing. That's why a good endpoint security solution is key: these platforms hunt for keylogger code on your machine, and are continuously updated with the latest malware signatures to help them spot new variants.

Network security systems also have a role to play in detecting keyloggers. Remember, that data has to get back to the keylogger's controller somehow, and generally it's sent out over the internet. While many keyloggers go to great lengths to disguise their data as ordinary internet traffic, good network security tools can sniff it out.
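One concrete form of the network-side check described above is a beaconing heuristic: a keylogger that buffers keystrokes and uploads them on a timer produces small outbound POSTs at near-constant intervals, which human browsing does not. The example below is added here and is not code from the original article or from any vendor; the log format, hostnames and addresses are constructed for illustration.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed proxy log (not a real capture): epoch time, client, method, bytes sent, destination.
SAMPLE_LOG = """\
1700000000 10.0.0.5 POST 412 upd.example-cdn.test
1700000060 10.0.0.5 POST 398 upd.example-cdn.test
1700000120 10.0.0.5 POST 420 upd.example-cdn.test
1700000180 10.0.0.5 POST 405 upd.example-cdn.test
1700000240 10.0.0.5 POST 411 upd.example-cdn.test
1700000003 10.0.0.7 GET 0 news.example.test
1700000250 10.0.0.7 POST 1800 mail.example.test
1700000900 10.0.0.7 GET 0 news.example.test
1700001500 10.0.0.7 POST 2200 mail.example.test
1700003000 10.0.0.7 GET 0 shop.example.test
"""

LINE_RE = re.compile(r"^(\d+) (\S+) (GET|POST|PUT) (\d+) (\S+)$")

def parse_log(text):
    """Yield (timestamp, client, method, bytes_sent, dest) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, client, method, size, dest = m.groups()
            yield int(ts), client, method, int(size), dest

def find_beacons(text, min_events=4, max_cv=0.1, max_bytes=2048):
    """Return (client, dest, period_s, count) for client/destination pairs whose small
    uploads recur at near-constant intervals. cv = stdev/mean of the gaps between
    uploads: a timer-driven exfiltration loop gives cv near 0, browsing gives large cv."""
    uploads = defaultdict(list)
    for ts, client, method, size, dest in parse_log(text):
        if method in ("POST", "PUT") and 0 < size <= max_bytes:
            uploads[(client, dest)].append(ts)
    flagged = []
    for (client, dest), times in uploads.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged.append((client, dest, round(avg), len(times)))
    return flagged

if __name__ == "__main__":
    for client, dest, period, n in find_beacons(SAMPLE_LOG):
        print(f"{client} -> {dest}: {n} small uploads every ~{period}s")
```

The thresholds are tuning knobs: legitimate software updaters and telemetry also beacon, so a hit is a lead for the analyst to check against a known-destination allowlist, not a verdict.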

Still, you should always be prepared for the possibility that a keylogger is lurking somewhere on your system. One good defensive mechanism against potential snooping is to use a password manager, which fills passwords into browser windows securely in ways most keyloggers can't detect.

How to remove a keylogger

The bad news is that you're probably not going to be able to remove a keylogger on your own. You might find some websites that recommend hunting through your operating system's task manager or list of installed programs and deleting anything that looks unfamiliar or suspicious; while that's not a terrible idea, a keylogger of any degree of sophistication will not be visible in those contexts.

The good news is that endpoint security suites almost all delete malware in addition to detecting it. If you search through reviews and ratings of anti-keylogger software, like the ones from AntiVirus Guide or Best Antivirus Pro, what you find are lists of the heavy hitter antivirus and endpoint protection vendors, like McAfee, Kaspersky, Norton, Bitdefender, and so on. If you find an endpoint protection suite you like, it will almost certainly do the job when it comes to cleaning your computer of keylogger software.

History of keyloggers: Examples and famous attacks

The earliest known keylogger actually predates the computer age. In the 1970s, Soviet intelligence developed a device that could be hidden in an IBM electric typewriter and send information about keystrokes via radio bursts; these were deployed in the typewriters at U.S. diplomatic facilities in Moscow and Leningrad.

The first computer keylogger was developed by then-graduate student Perry Kivolowitz in 1983 as a proof of concept. One particularly noteworthy example of a keylogger "in the wild" was distributed with a Grand Theft Auto V mod in 2015. In 2017 hundreds of models of Hewlett Packard laptops were found to have shipped from the factory with a keylogger installed, though HP insisted that this was a tool meant to diagnose keyboard performance that should've been deleted before shipment rather than an attack.

Two of the most widespread keylogger malware programs in recent months are the Snake keylogger and Phoenix, an older program recently resurrected with new capabilities. Both programs are evidence that cybercriminals are innovating in this area—so stay on your guard.

Copyright © 2022 IDG Communications, Inc.