Keyloggers are a type of monitoring software designed to record keystrokes made by a user on their keyboards. They are one of the oldest forms of cyber threat.
- Keyloggers are used by cyber villains to steal personal or financial information such as banking details, which they can then sell or use for profit.
- They also have legitimate uses within businesses to troubleshoot, improve user experience, or monitor employees.
- Law enforcement and intelligence agencies also use keylogging for surveillance purposes.
Most keyloggers are software programs that use algorithms to monitor keyboard strokes through pattern recognition and other techniques. The amount of information collected can vary. The most basic keyloggers only collect the information typed into a single website or application. More sophisticated ones can record everything you type, including information you copy and paste.
Some variants of keyloggers, especially those targeting mobile devices, record information such as calls, both call history and the audio, information from messaging applications, GPS location, screen grabs, and even microphone and camera capture.
A long history
NATO is believed to be one of the first users of keyloggers in the 1960s. They were certainly used by the Soviet Union in the 1970s to monitor IBM electric typewriters used at embassies based in Moscow. They recorded what was typed and sent the information back to Soviet intelligence via radio signals.
Siphoning sensitive data
Today keystroke loggers are a common part of the cyber-criminal toolset to capture financial information such as banking and credit card details, personal information such as emails and password or names and addresses, or sensitive business information around processes or intellectual property.
Keyloggers can be placed on machines in a number of different ways. Physical loggers require a person to be physically present to be placed on a machine, meaning such attacks are harder to achieve, and more likely to come from an insider threat. Wireless keyboards can also be snooped on remotely.
Several years ago hundreds of models of HP laptops were shipped with keylogging code present in its touchpad drivers. The logging was disabled by default and was part of a debug tool left in by one of the company’s suppliers.
Software-based keyloggers are far more common. Infected website domains are a common attack method. Someone visits, an infected website, downloads an application or clicks on a link, and their devices is infected with a keylogger.
Malware-infected apps are an issue. Google once had to remove 145 apps from the Play Store that contained keylogging malware. Loggers are also often included in phishing emails containing malicious links.
Many keyloggers are also delivered with ransomware, cryptocurrency mining or botnet code attached that can be activated at the attacker’s discretion. This why its important to ensure you are running proven antivirus software that detects and blocks malware that hides keyloggers.