nordpass logo

What Is a Keylogger?

Lukas Grigas
Cybersecurity Content Writer

Spyware continues to haunt internet users and businesses alike, and keyloggers are some of the most dangerous. Keylogging software tracks each keystroke on a device, recording them for a third-party viewer. Cybercriminals use keyloggers to steal passwords and private data in real time; the consequences can be devastating.

That's not to say keylogging programs are only useful to hackers. There are some legitimate applications for this type of software. From infection sources to legal corporate usage, here's everything you need to know about keyloggers.

How does keylogging work?

In a malicious attack, the perpetrator begins by forcing the keylogger onto a victim's device. Like most malware, keylogging uses several common methods for infection, which we'll explore later.

Once the malware's installation is complete, it can yield a range of results. Its reach depends on both the sophistication of the software and the device in which it's operating. A simple tracker might only pick up keystrokes on a single page or application, but a more advanced keylogger can do a lot more.

At the most extreme end of the spectrum, this software can extend itself into almost every facet of a device. Its functions may range from tracking copy-and-pasted data to tapping into a tablet’s microphone. On a phone, an advanced keylogger could record calls, harvest location data, and even take screenshots.

With a keylogger, a criminal could spy on a user’s passwords, sensitive payment information, and private messages. Armed with that information, they can launch further attacks, with individuals and companies facing major losses.

Level up your online safety

With advanced features.

Types of keyloggers

Keyloggers can be split into two categories: hardware based and software based. While the two categories of keystroke loggers are designed for the same purpose — to log each keystroke on the keyboard — their functionality differs.

Hardware-based keyloggers

Hardware keyloggers are actual physical pieces of equipment that can be connected to your PC’s hardware. For instance, a hardware-based keylogger can be situated between your keyboard’s cable and the port that connects it to your computer. This way bad actors can directly log every single keystroke you perform. Hardware-based keystroke loggers are not as prevalent as their software counterparts, because cybercrooks need physical access to the PC to implement them.

Software-based keyloggers

Software-based keystroke loggers are computer programs that can be installed on your computer without requiring direct access to the machine. Such keyloggers are much easier to get onto the potential victim's device, which is the reason software-based keyloggers are so much more prevalent than their hardware counterparts.

Infection: how does a keylogger reach your device?

Like most forms of malware, there are several different infection channels for keyloggers. We’ll focus on three main ways they can get into your device.

  • Malvertising

    Malicious advertising (malvertising) is one of the most popular and effective forms of malware distribution. The internet now runs on digital advertising, which has become an integral revenue stream for almost every major traffic-driving site. Although many are legitimate, an increasing number of ads act as vehicles for malware and viruses.

    Some malvertisements are only able to install their software if users click on them. Direct engagement will either start a download process or redirect the victim to a landing page, where the infection can begin. Much more worrying are adverts that don’t even need to be clicked: being on the same page can be enough to infect your device and download a keylogger.

  • Phishing emails

    Phishing emails are one of the oldest tricks in the book, but thousands of people fall victim to them every year. As a malware distributor, it's deceptively simple. Victims receive an email containing a link, and the sender will try to tempt or pressure them into clicking. Following the link will begin the keylogger's installation process, infecting the device immediately.

    These emails are usually disguised in some way, with senders mimicking a legitimate message from a trusted source. Attackers will pose as banks or other familiar institutions, inspiring trust in potential victims.

  • Infectious websites

    Creating a website that automatically installs keylogging malware is relatively easy. As web hosting services and build-it-yourself platforms become ever more popular, infectious sites are on the rise.

    It’s never been easier to build a simple website with a professional appearance. With the right keywords and SEO optimization, a criminal can even push their malicious site higher in Google’s search rankings, catching the eye of unsuspecting browsers. Once a victim navigates onto a dangerous site like this, a keylogger can be surreptitiously installed.

Can mobile devices be affected by keyloggers?

While no hardware keyloggers have been designed for phones, our mobile devices remain in danger with regard to software keyloggers. Both Android and iOS devices can be easily affected by keyloggers and there’s a whole black market for it.

The main difference between traditionally computer-based and mobile-based keyloggers is that mobile-based keyloggers can monitor more than just keystrokes. Mobile keyloggers can take screenshots, record microphone activity, and access the camera.

Is keylogging illegal?

The issue of keylogger legality essentially lies within their use. Keylogging as well as hardware and software keyloggers are not illegal per se. It is the way they are used and what for that determines the legal aspect of it all.

For instance, commercial keyloggers are often advertised to parents as a way to monitor their kids’ online activities. Many legitimate businesses are also willing to buy spyware of this kind to improve security.

This may raise some immediate red flags around worker privacy and ethics, but there are some understandable appeals. With BYOD and remote working on the rise, keylogging software could have a place in a company’s endpoint security protocols. But it must be implemented legally and in good faith.

One obvious advantage is the greater efficiency offered in tracking improper use of company hardware. Another advantage would be the opportunity to catch and limit high-risk actions that could expose corporate assets to a security breach.

Provided that employees are aware and consenting, a well-deployed keylogger could be an asset to security.

Risks arise when workers are not made aware of how and when their keystrokes are being tracked. This is particularly concerning when the software is active on personal devices that double as both work and home hardware. Context is essential when assessing how ethically sound these practices are in any work environment.

How to detect and remove a keylogger

Detecting a hardware-based keylogger can be a challenge, but it is much easier than detecting its software counterpart. All you need to do is check the actual hardware for any unfamiliar components, such as thumb drives. To remove a hardware keylogger, all you need to do is unplug the suspicious component from your hardware.

Software-based keyloggers are another story. In most instances, software keystroke loggers are designed to run quietly in the background. Some of the signs that your computer is running a keylogger are: slowed performance or disturbances and lag while typing or using a mouse. However, it is crucial to understand that some keyloggers might be designed better than others. And if a keylogger is well built, you will not experience disruptions on your computer.

This is where anti-malware tools can come in handy because they are built to detect malicious and otherwise invasive apps. Additionally, such tools can help you get rid of keystroke loggers automatically. Manual removal can be very tricky if you’re not confident in your IT skills.

How to protect against keylogging

Whether you're concerned about individual security or the threat to a larger corporate network, it's vital to protect yourself against keyloggers. Take these three simple steps to lower the risks and boost online safety.

  1. Avoid infection

    The best way to protect against keylogging malware is to cut it off at the source. If you can limit your exposure to infection, you’ll reduce the threat. So don’t click on suspicious links in emails, and avoid engaging with online advertising, especially when the ads appear on risky sites. Malware of any kind is a problem, so stick with classic best practice to avoid infection.

  2. Invest in antivirus software

    No matter how careful you are, some infection channels are hard to avoid. Malvertising downloads that launch without direct engagement are particularly dangerous. For Step 2, build an extra layer of security and install a good antivirus program. This will raise the security of any device, and can regularly scan for risky downloads.

  3. Get a password manager

    The biggest risk that keyloggers pose is the exposure of passwords. A simple solution to this threat is a password manager. NordPass auto-fills text boxes and login forms for you, ensuring that you never have to physically type your passwords on the keyboard. Even if malware has managed to bypass your antivirus and take root on your device, the attacker won’t access your credentials.

  4. Consider using anti-malware software

    Anti-malware protection is one of the best ways that you can protect your systems from keyloggers. Such software tools are specifically designed to identify not only keystroke loggers but other malicious or otherwise suspicious applications.

  5. Use multi-factor authentication (MFA) to ensure an attacker cannot use stolen credentials

    MFA is an extra layer of security that requires the user to provide an additional factor of proof to authenticate the user’s identity besides their username and password. One of the most popular MFA factors is called one-time passwords (OTP); these are the 4-8 digit codes that are sent to you via email, SMS, or authentication app.

  6. Consider a virtual keyboard and voice-to-text conversion software

    Virtual keyboards or voice-to-text conversion software can be a great way to circumvent keyloggers because they do not require any physical interaction with an actual keyboard. However, it is important to remember that some keystroke loggers can be more sophisticated than others and might be designed to detect and record on-screen interactions.

Bottom line

The online world can be a dangerous place. Today, staying safe online is a real challenge as cyber threats are more frequent and sophisticated than ever before. Being aware of the dangers that lurk, such as keystroke loggers, is imperative and so is taking proactive cybersecurity measures.

Subscribe to NordPass news

Get the latest news and tips from NordPass straight to your inbox.