A keylogger is a piece of software — or, even scarier, a hardware device — that logs every key you press on your keyboard. It can capture personal messages, passwords, credit card numbers, and everything else you type.
Keyloggers are generally installed by malware, but they may also be installed by protective parents, jealous spouses, or employers who want to monitor their employees. Hardware keyloggers are perfect for corporate espionage.
How a Keylogger Would Get On Your Computer
Most keyloggers on average computers arrive as malware. If your computer becomes compromised, the malware may include a keylogger or function as a Trojan that downloads the keylogger along with other harmful software. Keyloggers are a popular form of malware because they allow criminals to steal credit card numbers, passwords, and other sensitive data.
Keystroke-logging software may also be installed by someone close to you. A protective parent might go beyond typical parental controls and install software that includes a keylogger, allowing them to see everything their child types. A jealous spouse concerned about their husband or wife cheating might install a keylogger on their computer to keep tabs on them — it’s not necessarily a good thing, but it happens.
Some employers might install keystroke loggers on their employees’ computers to monitor everything they do, or just to investigate employees they’re suspicious about. Laws vary about when this is legal from jurisdiction to jurisdiction.
Some keyloggers can be implemented entirely as hardware devices. A typical desktop computer has a keyboard that connects to the back of the computer using a USB cable. If someone were to sneak in, unplug the keyboard’s USB cable, then attach a specialized USB device between the computer’s USB port and the keyboard’s USB connector, the device could function as a keylogger. Sitting in the middle, it could intercept keyboard signals from the keyboard, store them on the device, and then pass the keystrokes to the computer so everything would appear to be working normally. Security software on the computer wouldn’t be able to detect this keylogger, as it runs entirely in hardware. If the computer were hidden under a desk, no one would notice the device.
The person could then come back a few days later to grab the device and sneak off with it, leaving no trace of keylogging software or suspicious network activity.
If you’re worried about hardware keyloggers, just check the back of your computer and ensure there’s no suspicious device between your keyboard cable and the computer itself — of course, there probably won’t be. (And if there is, it’s probably some sort of legitimate adapter like the one below.)
How Keyloggers Function
Keylogging software runs hidden in the background, making a note of each keystroke you type. Software could scan through the file for certain types of text — for example, it could look for sequences of numbers that look like credit card numbers and upload them to a malicious server so they can be abused.
Keylogging software may also be combined with other types of computer-monitoring software, so the attacker would be able to see what you typed when you visited your bank’s website and narrow in on the information they want. A keylogger could detect the first keystrokes you typed into an online game or chat program, stealing your password.
Someone could also look through the entire log history to spy on you and see what you search for and type online. Computer-monitoring software intended for use by parents or employers may often combine the keylogger with a screenshot program, so someone can read through a history of what you typed combined with screenshots of what was on your computer screen at the time.
Ensuring You Don’t Have Keyloggers
Keylogging software is essentially just another type of malware. You can avoid keylogging software in the same way you avoid other malware — be careful what you download and run, and use a solid antivirus program that will hopefully prevent keyloggers from running. There are no real special tips for avoiding keyloggers in particular. Just be careful and exercise basic computer security practices.
If you’re feeling really paranoid about keyloggers, you could try logging into your bank’s website or other sensitive websites with a software keyboard — in other words, you click buttons on the screen rather than pressing buttons on your keyboard. This won’t protect you from many keyloggers that monitor multiple forms of text input beyond just logging keystrokes, so it’s probably not worth bothering with.
Keyloggers are one of the more dangerous forms of malware, as you won’t realize they’re running if they’re doing their job well. They hide in the background and don’t cause any trouble, capturing credit card numbers and passwords for as long as they can evade detection.