Keyloggers are programs or devices that log keystrokes. Keyloggers are dangerous because they specifically read out login data such as names and passwords, and transmit them to unauthorised third parties. This threatens the security of your e-mail passwords, social media accounts, and online banking data. Keyloggers like these are not only used by individual hackers, but also by investigative authorities and intelligence services to spy on confidential data. The term “keylogger” is often used synonymously with spyware. However, spyware is the generic term for malware that gets its hands on specific user information. The term “keylogger” is more defined, since it is only used to identify keystrokes.
A keylogger is software or hardware that records keystrokes to pass them on to third parties. This jeopardises data security, since it allows unauthorised people to obtain login data such as passwords, which they can then use to access even more private data.
Not all keyloggers are harmful or illegal. Keylogging can be used to check a user’s behaviour on the computer – they aren’t necessarily only used for criminal reasons. Keyloggers also make it easier to document computer use for scientific purposes e.g. collecting data to get insight into how humans behave on computers. Keylogger programs and devices are not necessarily illegal – they only become questionable from a security point of view if they are installed without the user’s consent.
If your e-mail account has been hacked, you may have fallen victim to a keylogger. This article explains what you can do to get access back to your account.
On the software side, keyloggers often work via unobtrusive background processes that copy keystrokes. Some keyloggers can also take screenshots of the text that’s been entered. This data is then usually passed on online or stored in a file on the victim’s hard drive. In the latter case, the hard drive is then accessed without permission. These types of keyloggers are the most popular and can be effectively avoided if you have a firewall or an antivirus program installed on your computer. Keylogger software is available in many different versions. We present some of them below:
Keylogger software / principle / technology | Functionality |
Simple software basis | Computer program that reads keyboard commands via a background process. |
Hypervisor basis | The keylogger hides behind the operating system using a hypervisor malware program – the operating system itself remains unaffected. As a result, the keylogger functions like a virtual machine and runs independently of the operating system. |
Kernel basis | The malware hides directly in the operating system and gains access to the root account, which is where keystrokes are logged. These keyloggers can also disguise themselves as drivers and are relatively difficult to detect. For example, antivirus scanners need root access to detect this type of malware. An example of this is the kernel-based trojan, Duqu. |
API basis | These keyloggers connect to application programming interfaces (APIs) and respond to each keystroke. |
Form-grabbing basis | This type of keylogger logs online forms and copies the corresponding login data. The software can also access the browser history to determine which pages have been visited. |
Man-in-the-browser basis (MITB) | Also known as “Memory injection,” these keyloggers hide in the web browser and log keystrokes without the user knowing. For example, these keyloggers collect information sent via input fields and store it in the internal logs of the browser. The logs are then accessed from the outside. |
Remote access basis | These remote keyloggers allow external access to the malware. The logged keystrokes are “tapped” via e-mail or an upload. These keyloggers also often work in conjunction with appropriate hardware. |
Many internet users don’t even know that hardware keyloggers exist and that it’s not just software that spies on passwords. This type of keylogger can be, for example, in the form of a small USB connector that is attached somewhere between the keyboard and the computer. Connectors like these have an internal memory that stores the keystrokes logs. If you later remove the keylogger, you can then read the saved logs. Hardware-based keyloggers are also available in very imaginative and surprising variants, similar to something James Bond would use. However, private users will rarely come into contact with them.
Keylogger hardware / principle / technology | Functionality |
Keyboard additional hardware | Additional hardware is installed between the keyboard and the computer – typically on the keyboard connection cable directly. Also called “KeyGrabber,” these keyloggers are usually designed as small connector attachments with internal memory. The keystrokes are logged in this file. KeyGrabber is available for both USB and PS2 ports. These devices are usually attached directly to the computer connection and are only noticed when the user looks more closely. They can be hard to spot if the computer connections are not directly visible at your desk (i.e. because the tower is underneath on the floor). |
Firmware basis | These hardware-specific keyloggers log keystrokes at the BIOS level. You often need physical access to the hardware and at least root access. Firmware-based keyloggers are also used, for example, in the form of attachments for hardware circuits. They are not visible until the device concerned is opened. |
Keyboard and mouse sniffer | These devices read data that is transferred from a wireless keyboard or mouse to the target system. Since wireless communication is often encrypted, the sniffer must also crack this code. |
Keyboard attachments | Criminals often use this method of keylogging on ATMs. You install an attachment on the machine’s card slot. This attachment is often difficult to recognize and the user presumes it’s an integral part of the machine. When customers enter their PINS and other confidential information, they involuntarily feed it into the keylogger. |
Acoustic keylogger | These devices evaluate the noises that a user makes with the keyboard. Each key makes a different sound when pressed, although this is indistinguishable to humans. Acoustic keyloggers can be used to gather statistics on human behaviour on computers to reconstruct the text entered by the user. However, these instruments require a sufficient sample size of at least 1,000 keystrokes. |
Collecting electromagnetic waves | All keyboards generate electromagnetic waves with a range of up to 20 meters. Special devices can register and read these waves out. |
Video surveillance | The term keylogging can also include traditional video surveillance. This is when the keyboard input is observed using a camera and logged externally. |
Physical trace analysis | This technique is used less often for traditional PC keyboards and more for numeric input fields. Pressing certain keys more often than others leaves a physical trace that can be used to reconstruct a password, for example. |
Smartphone sensors | Modern smartphones have so-called accelerometers, which can be reprogrammed to special keyloggers. If the phone is near the target keyboard, it can read the vibrations generated when the user types. |
Most keyloggers can be kept at bay with a virus scanner and an up-to-date firewall. Of course, new keyloggers are constantly being developed and their signature is not immediately flagged by the protection programs as being harmful. So, how you behave when using your computer is also important if you want to minimize the risk of keylogging. We have put together some tips on how you can protect yourself from keyloggers.
A website operator is responsible for the security of a web project as well as the content. Neglecting security may lead to hackers easily infiltrating the system through security gaps. If a malware-infected website goes unnoticed, it could cause serious damage. It is therefore important to make sure your site is fully protected.
Practically every PC user fears Trojan horses and computer viruses. Security is paramount if you are managing sensitive data or setting up a server. You need a comprehensive security concept to protect yourself against insidious malware. It’s helpful to know the different types of malicious software that exists, and how to combat and safely remove them.
Provide powerful and reliable service to your clients with a web hosting package from 1&1 IONOS
