A keylogger is a program that logs the keystrokes that a user makes on a computer. Keyloggers can be used for both legitimate and malicious purposes. However, in most cases, keyloggers are malware deployed by cybercriminals on an infected computer. Once running on a computer, a keylogger can collect the sensitive information that the user types into the computer, such as passwords, credit card numbers, and similar data.
Keyloggers are designed to intercept the keystrokes being sent to a computer. Hardware keyloggers can accomplish this by physically connecting to a computer keyboard to intercept keystrokes, while software keyloggers listen to the events triggered within a computer when a key is pressed. In addition to recording keystrokes, keyloggers may be designed to collect sensitive information in other ways. For example, a keylogger may capture video from a webcam or use the microphone to record audio on an infected device.
Keyloggers pose a threat to the security of an organization’s sensitive data and systems. When sensitive data — such as passwords — is typed into a computer, there are no protections in place preventing it from being collected by malware.
A keylogger can steal sensitive data that can be used for various purposes. Passwords stolen via a keylogger can give an attacker access to corporate applications or systems. Payment card data and other customer or employee data can be used for fraud or to carry out spear phishing and other social engineering attacks. The threat of a keylogger is largely defined by the types of data that it can collect.
Keyloggers can be implemented in a few different ways. These include:
ability to monitor additional actions on infected devices.
Different types of keyloggers can be identified in different ways. In the case of software or mobile keyloggers, an endpoint security solution should be able to identify the malicious or suspicious file and aid in removing it from an infected device.
For hardware keyloggers, a physical inspection of the computer is necessary to identify the malicious device. If something is attached between the keyboard and the computer, there is a high probability that it is a keylogger (unless it is designed to convert from one type of USB port to another). If such a device is present, removing it and connecting the keyboard directly to the computer will disable the keylogger.
Like the detection methods, the means of protecting against keyloggers depend on the type of keylogger. In the case of software and mobile keyloggers, the keylogger is malware installed on the computer itself. Some of the ways to protect against these types of keyloggers include:
In the case of hardware keyloggers, the best defense is maintaining physical control of devices and checking for anomalous devices plugged into computers.
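One way to automate part of the check for anomalous devices on a Linux host is to compare the USB keyboards the kernel currently sees against a saved baseline. This is an added example, not code from the original page; the function names, the baseline format and the sample vendor/product IDs are assumptions made for illustration. It only sees devices that enumerate on the USB bus, so it complements the physical inspection described above rather than replacing it.

```python
import tempfile
from pathlib import Path

def _read(path):
    try:
        return path.read_text().strip().lower()
    except OSError:
        return ""

def usb_keyboards(root="/sys/bus/usb/devices"):
    """Map port -> 'vid:pid' for each USB device exposing a HID keyboard interface."""
    root, found = Path(root), {}
    for iface in sorted(root.iterdir()):
        if ":" not in iface.name:  # interface entries are named <port>:<config>.<iface>
            continue
        # USB HID class is 0x03; interface protocol 0x01 means keyboard.
        if (_read(iface / "bInterfaceClass"), _read(iface / "bInterfaceProtocol")) != ("03", "01"):
            continue
        port = iface.name.split(":")[0]
        found[port] = _read(root / port / "idVendor") + ":" + _read(root / port / "idProduct")
    return found

def unexpected_keyboards(current, baseline):
    """Keyboards that are new, on a different port, or changed identity since baseline."""
    return {port: ident for port, ident in current.items() if baseline.get(port) != ident}

def build_sample_tree(root, devices):
    """Write a constructed sysfs-like tree; devices = {port: (vid, pid, class, proto)}."""
    for port, (vid, pid, cls, proto) in devices.items():
        files = {port + "/idVendor": vid, port + "/idProduct": pid,
                 port + ":1.0/bInterfaceClass": cls, port + ":1.0/bInterfaceProtocol": proto}
        for rel, value in files.items():
            path = Path(root) / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(value + "\n")

def demo():
    baseline = {"1-1": "aaaa:0001"}  # constructed: IDs are made up for illustration
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root, {
            "1-1": ("aaaa", "0001", "03", "01"),  # keyboard recorded in the baseline
            "1-2": ("bbbb", "0002", "08", "50"),  # mass storage, ignored
            "1-3": ("cccc", "0003", "03", "01"),  # keyboard missing from the baseline
        })
        return unexpected_keyboards(usb_keyboards(root), baseline)

if __name__ == "__main__":
    print(demo())  # on a real host: unexpected_keyboards(usb_keyboards(), saved_baseline)
```

Any port the check reports is a prompt to look at what is physically plugged into that machine.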
Keyloggers are often distributed as malware; however, they are only one of several malware threats that companies face. To learn more about the current cyber threat landscape, check out Check Point’s 2023 Cyber Security Report.
Check Point Harmony Endpoint provides strong protection against keyloggers and other malware threats. Learn more about how Harmony Endpoint can enhance your organization’s endpoint security with a free demo.