What is a Keylogger?

A keylogger is a program that logs the keystrokes that a user makes on a computer. They can be used for both legitimate and malicious purposes. However, in most cases, keyloggers are malware deployed by cybercriminals on an infected computer. Once running on a computer, a keylogger can collect the sensitive information that the user types into the computer, such as passwords, credit card numbers, and similar data.


How It Works

Keyloggers are designed to intercept the keystrokes being sent to a computer. Hardware keyloggers can accomplish this by physically connecting to a computer keyboard to intercept keystrokes, while software keyloggers listen to the events triggered within a computer when a key is pressed. In addition to recording keystrokes, keyloggers may be designed to collect sensitive information in other ways. For example, a keylogger may also capture video from a webcam or use the microphone to record audio on an infected device.

The Keylogger Threat

Keyloggers pose a threat to the security of an organization’s sensitive data and systems. When sensitive data — such as passwords — is typed into a computer, there are no protections in place preventing it from being collected by malware.

A keylogger can steal sensitive data that can be used for various purposes. Passwords stolen via a keylogger can give an attacker access to corporate applications or systems. Payment card data and other customer or employee data can be used for fraud or to carry out spear phishing and other social engineering attacks. The threat of a keylogger is largely defined by the types of data that it can collect.

Types of Keyloggers

Keyloggers can be implemented in a few different ways. These include:

  • Software Keyloggers: Software keyloggers are malware installed on an infected computer. They monitor events on the computer to detect keystrokes and may collect video or audio.
  • Hardware Keyloggers: A hardware keylogger is a physical device connected between the keyboard and the computer. With USB keyboards, this will plug directly into the computer’s USB port and the keyboard will be plugged into it.
  • Mobile Keyloggers: Mobile keyloggers are mobile malware that implements the same functionality as a software keylogger on a computer. The main difference is that a mobile keylogger will record interactions with a touchscreen rather than a keyboard and may have the ability to monitor additional actions on infected devices.

How to Detect and Remove Keyloggers

Different types of keyloggers can be identified in different ways. In the case of software or mobile keyloggers, an endpoint security solution should be able to identify the malicious or suspicious file and aid in removing it from an infected device.

For hardware keyloggers, a physical inspection of the computer is necessary to identify the malicious device. If something is attached between the keyboard and the computer, there is a high probability that it is a keylogger (unless it is designed to convert from one type of USB port to another). If such a device is present, removing it and connecting the keyboard directly to the computer will disable the keylogger.

How to Protect Against Keyloggers

Like the detection methods, the means of protecting against keyloggers depend on the type of keylogger. In the case of software and mobile keyloggers, the keylogger is malware installed on the computer itself. Some of the ways to protect against these types of keyloggers include:

  • Endpoint Security: Software keyloggers are commonly integrated into malware. An endpoint security solution should be able to identify this malware and block it from installing on a computer.
  • Email Security: Malware is commonly spread via phishing attacks where the malware is embedded in an attachment or downloaded from a malicious link. Be cautious when clicking on links or opening attachments in unsolicited emails.
  • Virtual Keyboards: Some software and all hardware keyloggers monitor button presses on a physical keyboard. Using an on-screen, virtual keyboard can prevent these from collecting keystrokes.
  • Network Monitoring: Keyloggers are designed to collect keystrokes and then send them to the attacker for analysis and use. Network monitoring may be able to identify the data exfiltration, making it possible to detect and remove a keylogger from an infected machine.
  • Account Security: Keyloggers are commonly used to steal passwords, which attackers use to access a user’s online accounts and corporate systems. Implementing strong account security protections such as multi-factor authentication (MFA) and zero trust network access (ZTNA) can reduce the potential impacts of a compromised password.

In the case of hardware keyloggers, the best defense is maintaining physical control of devices and checking for anomalous devices plugged into computers.
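
The Network Monitoring item above can be made concrete with a small detector for regular, small uploads to destinations outside an allowlist. This is an added example, not code from the original page or from any Check Point product; the host names, addresses, flow records, allowlist and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (epoch_seconds, source_host, destination, bytes_sent)
FLOWS = [
    # Small uploads roughly every 300 s to a destination that is not allowlisted
    (1000, "ws-17", "203.0.113.50:443", 2100), (1300, "ws-17", "203.0.113.50:443", 1900),
    (1602, "ws-17", "203.0.113.50:443", 2300), (1899, "ws-17", "203.0.113.50:443", 2000),
    (2200, "ws-17", "203.0.113.50:443", 2250), (2501, "ws-17", "203.0.113.50:443", 1800),
    # Regular check-ins to an approved update server (allowlisted below)
    (900, "ws-17", "192.0.2.10:443", 4000), (1500, "ws-17", "192.0.2.10:443", 4000),
    (2100, "ws-17", "192.0.2.10:443", 4000), (2700, "ws-17", "192.0.2.10:443", 4000),
    (3300, "ws-17", "192.0.2.10:443", 4000),
    # Irregular, human-driven traffic from another workstation
    (1010, "ws-22", "198.51.100.7:443", 900), (1050, "ws-22", "198.51.100.7:443", 1200),
    (1900, "ws-22", "198.51.100.7:443", 700), (1950, "ws-22", "198.51.100.7:443", 1500),
    (3100, "ws-22", "198.51.100.7:443", 800), (3105, "ws-22", "198.51.100.7:443", 950),
]
ALLOWED_DSTS = {"192.0.2.10:443"}  # hypothetical allowlist of approved services


def find_periodic_uploads(flows, allowed, min_events=5, max_jitter=0.10,
                          max_bytes=16384):
    """Return (src, dst, mean_interval_s) for small uploads to non-allowlisted
    destinations whose spacing is nearly constant (machine-driven, not human)."""
    series = defaultdict(list)
    for ts, src, dst, sent in flows:
        if dst not in allowed and sent <= max_bytes:
            series[(src, dst)].append(ts)

    findings = []
    for (src, dst), stamps in sorted(series.items()):
        if len(stamps) < min_events:
            continue  # too few samples to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Coefficient of variation: low values mean timer-like regularity
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append((src, dst, round(avg)))
    return findings


if __name__ == "__main__":
    for src, dst, interval in find_periodic_uploads(FLOWS, ALLOWED_DSTS):
        print(f"review {src}: regular uploads to {dst} about every {interval}s")
```

A finding is a lead for investigation on the endpoint, not proof of a keylogger: legitimate agents also send data on a timer, which is why the allowlist matters.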

Keylogger Protection with Check Point

Keyloggers are often distributed as malware; however, they are only one of several malware threats that companies face. To learn more about the current cyber threat landscape, check out Check Point’s 2023 Cyber Security Report.

Check Point Harmony Endpoint provides strong protection against keyloggers and other malware threats. Learn more about how Harmony Endpoint can enhance your organization’s endpoint security with a free demo.
