Skip to Main Content

The definitive guide to keyloggers: Protect yourself! 

You’re at home, innocently typing an email on your laptop. You’re alone and confident that no-one is watching. In fact, keylogger software could be right there with you, spying on every letter you type…sound creepy? It is and can pose a real threat to your digital security. Yet what is “keylogging” exactly, is it legal, who is behind it, and how can you protect yourself from this insidious online threat? Note: No keyboards are actually harmed or stolen. Your personal data may not be so lucky… 

What is a keylogger and where does it come from? 

Is someone peering over your shoulder as you type? Not really, but they might as well be with the right technology in place. Welcome to keystroke logging or keylogging for short. This crafty member of the spyware family of malware is also called keyboard capturing and refers to software that records a log of everything you type. Hackers use this activity-monitoring program to gain access to your sensitive data, such as the websites you visit, and the credit card numbers and passwords that you enter. The information is then sent to a server where cybercriminals can use it. Armed with the right credentials, they can access a treasure trove of other sensitive information, like your emails, social media, and online banking accounts, seriously jeopardizing your data security and even identity.   

Did you know that the earliest known keylogger is older than home computers? It’s a dinosaur in technology terms. In the 1970s, intelligence services in the Soviet Union developed a device that could be hidden in IBM electric typewriters and sent information about keystrokes via radio bursts. These miniature Cold War spies were then deployed in typewriters at U.S. diplomatic facilities in Russia. If you think it all sounds a bit “James Bond”, you’d be right! Spyware has often been part of the supporting cast of gadgets in 007 films. Remember the bionic eye that allows Blofeld to communicate remotely and keeps a video log of what it has seen? Fortunately, your keyboard doesn’t come with a laser beam cutter (yet)…  

Speaking of spies, is all spyware also keylogging and what’s the difference? Not exactly. The term “keylogger” is often used interchangeably with spyware, but spyware is the generic name for malware that steals user information. The term “keylogger” refers only to software that records keystrokes. Now, what about the legal status? It may come as a surprise but keylogger software isn`t necessarily illegal. If it’s installed with the device user’s consent, it can have useful and legitimate applications. For example, keyloggers can give scientists, companies, and web designers insight into how humans behave on computers. They’re also used by IT departments to troubleshoot problems and companies may use them to monitor employee activities and verify that staff aren’t giving away company secrets! You could also legitimately install one to check what the kids are up to on your computer. Keyloggers only stray off the legal pathway when they’re installed secretly and with malicious intent.  

Meet the usual suspects: And don’t call all keyloggers “software”! 

There are five common types of keyloggers depending on which part of the computer they’re embedded into.  

API-based keyloggers are the most common. Thanks to the keyboard API (application programming interface), every time you press a key, a notification is sent to the application you’re using, and the typed character appears on the screen. API-based keyloggers are pieces of software that intercept and capture these notifications. The log is then eventually retrieved by the hacker.   

Form-grabbing keyloggers log the data from your web forms, such as your full name, address, email, phone number, or credit-card info. The process begins as soon as you hit the “Submit” or “Enter” button and is completed before your form data is submitted to the website.  

Kernel-based keyloggers hide in the “kernel” or core of your computer’s operating system, which makes it difficult to detect and remove them. As you type, your keystrokes pass through the kernel, where they are intercepted by the keylogger. This keylogging software can be tricky to write, so it’s rarer than other forms, but when it is distributed, it usually hitches a lift in malicious software bundles.  

Hardware-based keyloggers are devices that use the circuitry of a keyboard to log keystrokes. They’re usually built into the keyboard, but also appear as USB connectors, mini-PCI card (for laptops), or even keyboard overlays. Instead of software recording keystrokes, the records are kept in the internal memory of the device.   

Acoustic keyloggers are highly complex and therefore rarely used. They make use of the fact that every key on your keyboard makes a slightly different sound when pressed. By analyzing these sounds, sophisticated keyloggers can determine what was typed. All they need is access to your microphone. 

Now you know how they work, how could one of these infect your device? Read on.  

How does a keylogger get onto your system? 

Hardware keyloggers must be physically plugged into a computer, so direct access is required. This tends to be tricky and usually the help of a corrupt insider is needed (i.e., If Joe from Accounts turns against the company and installs keyloggers). Therefore, most illicit keyloggers are of the software variety and delivered in the same way that malware gets onto your system: via worms, viruses, and Trojans. When you open a malicious email attachment, SMS message, or visit an infected website, the keylogger can automatically download itself on your device.   

Hackers are always perfecting their social engineering methods to trick you into downloading their wares. Phishing emails are disguised as legitimate emails from a trusted family member or business and entice users to click on malicious links or attachments. Smishing is a type of phishing attack that arrives as a text (SMS) message. Ever heard of spear phishing? These are highly targeted online attacks on powerful small groups or important people.   

It’s not just emails and text messages as use cases that can open a door to keyloggers and other malware. Beware of the bad pop-up claiming to help you remove a virus that you don’t have. It could be scareware —malware that scares people into downloading fake security software or visiting a malware-infected site.  

What threats do keyloggers pose? 

Unlike other forms of malicious programs, keyloggers don’t damage your computer or operating system. They’re potentially dangerous because they can go undetected for long periods of time, recording activity which may give cybercriminals an intimate look into your digital life. Sometimes we unwittingly help them. If you’re reusing passwords a keylogger could expose the login credentials of multiple accounts! Here’s what could go wrong if you’re the victim of a keylogger attack. The cybercriminals can: 

  • log into your email account and scam your contacts. 
  • steal credit card information and make unauthorized purchases. 
  • access your bank accounts and transfer money. 
  • log into your company’s computer network and steal confidential information or spread further malware.

Last year, Snake Keylogger slithered its way into the most wanted malware of the year list following a surge of email campaigns. These cunningly delivered the software via pdf files instead of the more typical docx or xlsx attachments.   

It’s not always financial gain or a stolen identity though! Did you ever hear of the UK student who deployed a keystroke logger on computers at his university to steal staff’s login details? He then used this information to access his university records and improve the marks on his exams. That’s one way around studying—but it’s not recommended. The student was arrested.  

Let’s go on a keylogger hunt: How can you detect a keystroke spy? 

For a hardware keylogger you should, of course, check your hardware. Is there a thumb drive or anything that looks unfamiliar plugged into your computer? There are tell-tale signs that you might be hosting a software keylogger as an unwelcome guest—although these are often features of malware in general. Look out for any changes in your computer’s performance, or anything that looks “off”, including: 

  • A lag in mouse movements and keystrokes, so it takes longer for the words you type to appear on the screen 
  • Web pages loading more slowly  
  • A disappearing cursor 
  • Unusual error messages

If you experience any of these symptoms, it’s advisable to take a deep dive into your device’s system by following these steps: Inspect and review the programs installed on your device. If you don’t recognize something, research it online, and uninstall it if you don’t need it. Use the Task Manager (PCs) or Activity Monitor (Macs) to see which applications and background processes are running. Then end any applications or processes that you don’t know. To be ultra-sure, you can reset your device and restore it from a backup. 

Beware that hackers often make keyloggers look like legitimate programs though! They don’t helpfully label them “I Spy”. Reputable, up-to-date antivirus is the most reliable way to help protect yourself from keyloggers and other malware, but there’s more on that below… 

How can you protect yourself from keyloggers? 

Everything you do online may put you at risk of a cyberattack. Be careful with your own actions and deploy trusted, heavy-hitting online security technology proactively to help avoid becoming a victim: 

  • Use a firewall to monitor network traffic for suspicious activity. Firewalls can help prevent a keylogger in action by intercepting data that it attempts to send through the internet.  
  • Verify that emails are from legitimate sources. If you’re in doubt, never click on links or open attachments. If you still want to perform a requested action, like resetting a banking password, do so directly on your bank’s website.  
  • Verify that websites are legitimate and not a fake version of a popular website. Before entering personal information, look out for the website’s digital certificate to validate its security. 
  • Use strong, unique passwords for your online accounts and manage them more securely with a password manager like the free Avira Password Manager. Where possible, set up two-factor authentication.  
  • Update all software frequently so it’s better protected against the latest online threats. The security loopholes in outdated software can be known to cybercriminals! A software updater like the free Avira Software Updater makes it easier to keep your software safely up to date.  
  • Use antivirus technology. For multiple free layers of online security and privacy, consider Avira Free Security. Avira also offers Avira Prime, a subscription-based solution with premium tools and support. 

As with all online threats, you can minimize infection and damage from keyloggers by taking sensible precautions and using trusted tools. The more we understand, the better equipped we are to protect ourselves—and that’s essential in a cyberworld where hackers are relentlessly active and always getting more creative. 

This post is also available in: GermanFrenchItalian

Freelance Cybersecurity Writer
Nicola Massier-Dhillon is an experienced cybersecurity and technology writer. Nicola spent many years as a senior copywriter and creative lead in marketing agencies, crafting compelling content and campaigns for major tech brands like HP, Dell, and Microsoft. She originally hales from Namibia and is a passionate advocate for the conservation of wild habitats--also putting her words to work for charities, eco-tourism, and healthcare. Nicola spends her time looking after her (wild) twins, rescue cats, and a crested gecko called Giles.