What Is a Keylogger?

2020-05-19 - 7 min read

Spyware continues to haunt internet users and businesses alike, and keyloggers are some of the most dangerous. Keylogging software tracks every keystroke on a device and records it for a third-party viewer. Cybercriminals use keyloggers to steal passwords and private data in real time, and the consequences can be devastating.

That's not to say keylogging programs are only useful to hackers. There are some legitimate applications for this type of software. From infection sources to legal corporate usage, here's everything you need to know about keyloggers.

How does keylogging work?

In a malicious attack, the perpetrator begins by forcing the keylogger onto a victim's device. Like most malware, there are several common methods for infection, which we'll explore later.

Once the malware's installation is complete, it can yield a range of results. Its reach depends on both the sophistication of the software and the device on which it's operating. A simple tracker might only pick up keystrokes on a single page or application, but a more advanced keylogger can do a lot more.

At the most extreme end of the spectrum, this software can extend itself into almost every facet of a device. Its functions may range from tracking copy-and-pasted data to tapping into a tablet’s microphone. On a phone, an advanced keylogger could record calls, harvest location data, and even take screenshots.

With a keylogger, a criminal could spy on a user’s passwords, sensitive payment information, and private messages. Armed with that information, they can launch further attacks, with individuals and companies facing major losses.

Infection: how does a keylogger reach your device?

Like most forms of malware, keyloggers have several different infection channels. We’ll focus on the three main ways they can get onto your device.

  • Malvertising

Malicious advertising (malvertising) is one of the most popular and effective forms of malware distribution. The internet now runs on digital advertising, which has become an integral revenue stream for almost every major traffic-driving site. Although many are legitimate, an increasing number of ads act as vehicles for malware and viruses.

Some malvertisements are only able to install their software if users click on them. Direct engagement will either start a download process or redirect the victim to a landing page, where the infection can begin. Much more worrying are adverts that don’t even need to be clicked: being on the same page can be enough to infect your device and download a keylogger.

  • Phishing emails

Phishing emails are one of the oldest tricks in the book, but thousands of people fall victim to them every year. As a malware distribution method, phishing is deceptively simple. Victims receive an email containing a link, and the sender will try to tempt or pressure them into clicking. Following the link will begin the keylogger's installation process, infecting the device immediately.

These emails are usually disguised in some way, with senders mimicking a legitimate message from a trusted source. Attackers will pose as banks or other familiar institutions, inspiring trust in potential victims.

  • Infectious websites

Creating a website that automatically installs keylogging malware is relatively easy. As web hosting services and build-it-yourself platforms become ever more popular, infectious sites are on the rise.

It’s never been easier to build a simple website with a professional appearance. With the right keywords and SEO optimization, a criminal can even push their malicious site higher on Google search rankings, catching the eye of unsuspecting browsers. Once a victim navigates onto a dangerous site like this, a keylogger can be surreptitiously installed.

Keyloggers as a corporate tool

It’s not just criminals and hackers who might want to invest in keylogging programs. In fact, many legitimate businesses are willing to buy spyware of this kind to improve security.

This may raise some immediate red flags around worker privacy and ethics, but there are some understandable appeals. With BYOD and remote working on the rise, keylogging software could have a place in a company’s endpoint security protocols. But it must be implemented legally and in good faith.

One obvious advantage is the greater efficiency offered in tracking any improper use of company hardware. Then there's the opportunity to catch and limit high-risk actions that could expose corporate assets to a security breach.

Provided that employees are aware and consenting, a well-deployed keylogger could be an asset to security.

Risks arise when workers are not made aware of how and when their keystrokes are being tracked. This is particularly concerning when the software is active on personal devices that double as both work and home hardware. Context is essential when assessing how ethically sound these practices are in any work environment.

How to protect against keylogging

Whether you're concerned about individual security or the threat to a larger corporate network, it's vital to protect against keyloggers. Take these three simple steps to lower the risks and boost online safety.

  1. Avoid infection

    The best way to protect against keylogging malware is to cut it off at the source. If you can limit your exposure to infection, you’ll reduce the threat. So don’t click on suspicious links in emails and avoid engaging with online advertising, especially when the ads appear on risky sites. Malware of any kind is a problem, so stick with classic best practice to avoid infection.

  2. Invest in antivirus software

    No matter how careful you are, some infection channels are hard to avoid. Malvertising downloads that launch without direct engagement are particularly dangerous. For Step 2, build an extra layer of security and install a good antivirus program. This will raise the security of any device, and can regularly scan for risky downloads.

  3. Get a password manager

The biggest risk that keyloggers pose is the exposure of passwords. A simple solution to this threat is a password manager. NordPass auto-fills text boxes and login forms for you, ensuring that you never have to physically type your passwords on the keyboard. Even if malware has managed to bypass your antivirus and take root on your device, the attacker won’t access your credentials.

Chad Hammond
Chad loves traveling and technology. His global view and open-mindedness add interesting angles to various security topics. He has already traveled to over 80 countries and is not planning to stop any time soon.