Keyloggers: Detect and Prevent this Age-Old Threat

Keyloggers are a means, either hardware or software-enabled, of recording every keystroke made on the keyboard. These tools do have their legitimate purposes (more on those later), but they’re most often used for surreptitiously tracking a user’s data entries to steal passwords, banking login numbers, addresses, and other sensitive personal information.

Interestingly, keyloggers actually predate personal computers as we think of them today. Soviet spies used them to steal information from electric typewriters belonging to the United States during the Cold War, the NSA admitted in a paper declassified in 2012. More recently, the FBI used its own original keylogger to trace the source of bomb threats made by a Washington state teen.

Download the Ultimate Cybersecurity Comparison Kit (1600+ Reviews, 5 Short Reports)

Today, they’ve become a common tactic for cybercriminals looking to steal valuable data, access protected accounts, or embark on long-term snooping for espionage purposes. They do, however, have legitimate applications as well.

Keyloggers can be legally used as keyboard shortcuts (since this function, by definition, must track keystrokes), to toggle between keyboard languages, and as parental or usage-control measures. They begin to cross the line from benign to malign, though, when they’re used without the informed consent of the user.

Keylogger USBs and Viruses: How You Get Infected

Keyloggers can be broadly divided into two categories: hardware and software-enabled. There are a wide variety of more specific types falling under each of the two categories, but here’s a brief look at examples of each.

Hardware-enabled keyloggers:

  • Traditional keyloggers are installed at some point between a keyboard and the device itself. They are often made to look like ordinary computer components to avoid detection, often blending into a tangle of cords hanging behind a desk or workspace.

  • Keyboard overlays can be difficult to pull off convincingly, but when done well they are difficult to detect. Not unlike an ATM skimmer, these phony keyboards fit snugly onto an actual keyboard and relay keystrokes to a third-party snooper.

  • USB keyloggers, given the obvious difficulty in concealing their presence, are most often used for legitimate purposes, such as a workplace monitoring what information is being relayed to protect trade secrets and other sensitive information.

Software-enabled keyloggers:

  • Phishing attacks are now one of the most common methods of delivering these devices. Because they can be transferred to a machine in much the same way as any other type of malware—by prompting a victim to open a web browser, download an attachment, or click a link—one user misstep is enough to get this malicious payload in the door.

  • Trojan keyloggers are installed on users’ systems under false pretenses. Often, they ride the coattails of an innocent-looking application to avoid arousing suspicion. So that movie pirated from a sketchy streaming site may have more twists than originally anticipated.

Given the ease of delivering them, the difficulty in detecting them, and the potential payoffs from stealing valuable information, digital keyloggers are now far more common than their hardware-enabled forebearers. They can be delivered via browser links, malicious scripts, email attachments, and even disguised as legitimate downloads. If one is hiding on your computer, it’s likely of the digital variety.

How to Detect, Prevent, and Remove Keyloggers

Smart prevention practices are the best way to avoid this age-old threat. But before we get to those, here’s how to make reasonably sure you’re starting off keylogger-free.

  1. Install a reputable antivirus. Keyloggers can live in several places within a device, making them especially difficult to detect manually. But antivirus solutions can sweep an entire machine quickly and efficiently, saving you time and hassle. Beware of free solutions, though, because in cybersecurity as in life, you get what you pay for.

    Signature-based antivirus solutions—those that search for threats based on a static list of known threats—should also be avoided since they’re easily fooled. If a keylogger is detected, an antivirus will also be the best bet for removing it.

  2. Update all your apps. Patches and security updates are released for a reason. Vulnerabilities that could expose a user to the installation of a keylogger are often resolved. Users can also use this as time to purge their devices of seldom used apps that could needlessly pose additional risk.

  3. Manage permissions. Always beware of apps requesting permissions which seem excessive. For web browsers, periodically clear your cache, delete cookies, and remove any browser plug-ins you don’t typically use. Again, this is good practice for overall cyber hygiene, so it’s a good habit regardless of the threat you're concerned with.

The above steps are good for the detection and removal of keyloggers. But to prevent infections in the first place, in addition to using an antivirus, understanding social engineering attacks is the best defense. While it may not sound like a silver bullet, this means that basic best-practices for cybersecurity are also the ones most likely to protect you from this threat.

Use two-factor authentication where possible and think before you click. Remember, keyloggers can be delivered via the same methods employed by phishing attacks, which means users must be constantly vigilant against abnormal or unexpected communications from unknown senders.

Find the right cybersecurity solution for you.