Keystroke Logging: How to Protect Yourself from Keyloggers

There’s seemingly no end to the way cybercriminals can attack you and your personal data. One type of attack that’s been used for decades and is still prevalent is keylogging. Imagine if everything you typed on your keyboard or tapped on your mobile device’s keyboard was recorded and stored somewhere and someone can read all of it. Scary, right? Keylogging lets potential criminals see your personal information and then use it how they see fit. From the following statistics, you can see how pervasive keylogging is and how damaging it can be: Keylogging is a potent threat and you should know what it is and how to protect yourself from keyloggers if you want to keep your data safe. Keylogging, or keystroke logging, is taking a record of everything you type on a keyboard. Keyloggers are a type of spyware that runs in the background without you noticing so you can use your device as you normally would without a clue that it’s there. Keyloggers have both criminal and legitimate uses. Cybercriminals use keyloggers to steal sensitive information you type on a website or app, such as your username and password. They can then sell that info or use it to hack your accounts. Businesses use keyloggers in development, to help troubleshoot issues and improve user experience. Law enforcement and intelligence agencies also use keystroke logging for surveillance. The practice of keystroke logging dates back to the 1970s when the Soviet Union’s intelligence services used it to monitor IBM electric typewriters in Moscow’s embassies. Spyware, such as keyloggers, is still widely used today. Cybercriminals may use keyloggers to capture information about individuals or organizations. Keyloggers can be software or hardware. Each uses different methods to log keystrokes. The types of software keyloggers include: Hardware keyloggers also come in different types, including: Keyloggers record every keystroke you make with a keyboard. Every time you press a button on your keyboard, the keylogger records it. Keystrokes communicate different types of information to your computer. The length, time, and velocity of the keypress, as well as the name of the key used, may all issue commands to your computer. Keyloggers keep track of all of this information, essentially spying on the “conversation” you are having with your computer as you give it commands. Because we input so much of our personal information into our devices, it’s not difficult to assemble a profile of someone just from their logged keystrokes. Anything from Social Security and bank account numbers to email passwords and text messages can reveal a great deal of private information. Keylogging software automates keystroke logging and puts all the data it records into a text file that someone can access later. Some tools go beyond keystrokes and may also record everything you copy and paste to your clipboard, calls, GPS data, and even microphone and camera footage. Keyloggers come in both software or hardware versions, so there are several ways someone could install one. Placing a physical keylogger on a machine is more difficult than downloading software, so most criminals avoid using hardware. When the keylogger is a hardware device, it usually means it’s an “inside job” and you may have a threat in your life. In contrast, software keyloggers have several ways they can enter your machine. Infected web domains are one of the most common ways attackers download keylogging spyware onto victims’ computers. One example from 2018 had the office suite software Zoho’s .com and .eu domains infected. The two domains were enabling about 40% of all keylogger data theft, allowing email addresses to be stolen. Another way attackers get keyloggers onto devices is with malware-infected apps . Google has had to remove apps from the Play Store that contain keylogging malware. Phishing emails are also a big culprit when it comes to keyloggers. Fake emails can contain malicious links or attachments that, when clicked or downloaded, surreptitiously install keylogging spyware on your device. Keyloggers may also spread through infected USB drives. An attacker gets a user to insert the USB key into their computer and the spyware starts installing automatically. The use of keyloggers can be legal when they are for legitimate purposes. If the person who owns the device downloads the keylogging software, it’s perfectly legal. In the workplace, corporate keylogging isn’t uncommon. It’s used to help with testing and debugging. Keystroke logs can also be used to: Businesses that use keylogging in the workplace must inform their employees. If they don’t, they might be breaking employee privacy laws. One use of keylogging that’s widely accepted as legitimate is the popular grammar-checking app Grammarly. While active, the Grammarly app records logs of what a user types to provide grammar and spelling suggestions. Although keylogging is technically legal, it could be ethically questionable in some cases. Spyware, which runs on a computer or device innocuously, may be used by parents to monitor their children or by someone who wants to track their intimate partner. When spyware is used in this way, it verges on stalking. Indeed, apps that allow you to monitor keystrokes, location, and all activity on someone else’s mobile device without their knowing have been dubbed stalkerware . Attackers have started creating keyloggers to evade traditional detection techniques, letting them slip by antivirus software unnoticed. They might inject keyloggers into adware , which antivirus usually doesn’t flag. Most of the time, keyloggers are only one part of a cyberattack. They may have ransomware and cryptocurrency mining or botnet code attached. Attackers may not activate this other malware right away, so a victim could have a keylogger recording their keystrokes for a while before they realize anything is wrong. As with most types of cyberattacks, prevention is better than reaction. Here are a few best practices to keep in mind to avoid falling victim to keystroke logging: Unfortunately, it’s difficult to detect keyloggers without using software to look for them. You have to keep your eyes open to the signs of malware on your machine to run the proper checks that will help you find a malicious keylogger. One sign that your computer has malware or potentially unwanted applications is that your power use and processor usage skyrocket. Malware tends to take up a lot of your computer’s resources, so a computer running more slowly could mean you have a keylogger. Keep in mind that not all keyloggers slow down a computer, so this isn’t a foolproof way to find one. The best way to detect a keylogger is with comprehensive security software that scans your computer for you. If the keylogger is hardware rather than software, you may have to tear down your whole device to find it. Now that you know that keyloggers exist and how pervasive they are, you can take the proper steps to avoid having one infect your device. The best practices for preventing cyberattackers from using keyloggers on you are generally the same precautions you take against most malware. Scrutinize everything, run regular scans of your device, and be smart.