Cybersecurity specialist Malwarebytes explains how cybercriminals use keylogging spyware to watch your every move and how you can stop them.
Did you know that your keyboard could let cybercriminals eavesdrop on you? Or that they could watch you on your system camera? Or listen over your smartphone’s microphone? Welcome to the world of keyloggers, a particularly insidious type of spyware that can record and steal consecutive keystrokes (and much more) that the user enters on a device.
Although, for our purposes, keyloggers operate in the context of malware, they are not always illegal to install and use. Keyloggers are a common tool in corporations, where information technology departments use them to troubleshoot technical problems on their systems and networks - or to keep an eye on employees surreptitiously. The same goes for, say, parents who want to monitor their children’s activities. Suspicious spouses are another market for keyloggers.
In all such cases, if the organisation or person downloading and installing the keylogger actually owns the device, then it’s perfectly legal. And there are thousands of commercially available keyloggers on the Internet that advertise themselves for just such a use.
However, the concern about keyloggers arises when criminals are behind them. You don’t know they’ve breached your computer and, depending on what kind of keylogger it is, it can steal any passwords you’ve entered, periodically take screenshots, record the web pages you view, capture your sent e-mails and any instant messaging sessions, and collect sensitive financial information (such as credit card numbers, PIN codes, and bank accounts), and then send all that data over the network to a remote computer or web server. There, the person operating the logging programme can retrieve it all, no doubt sending it to third parties for criminal purposes.
Keyloggers come in at least two broad flavours: hardware devices and the more familiar software variety. Hardware devices can be embedded in the internal PC hardware itself, or take the form of an inconspicuous plug-in that’s secretly inserted into the keyboard port between the CPU box and the keyboard cable so that it intercepts all the signals as you type. But that means that the cybercriminal has to have physical access to the PC while you’re not present in order to plant the hardware keylogger.
Software keyloggers are much easier to introduce to and install on victims’ devices, which is why that variety is much more common. Unlike other kinds of malware, software keyloggers are not themselves a threat to the systems they infect. In fact, the whole point of keyloggers is to work behind the scenes, sniffing out the keystrokes while the computer continues to operate normally. But even if they don’t harm the hardware, keyloggers are definitely a threat to users, especially when they steal data pertinent to any number of online payment systems.
How can I tell if I have a keylogger infection?
Keyloggers invade PCs (and Macs, and Androids, and iPhones) in the same way that other malware does. They install when you click on a file attachment that you’ve been duped into opening - most commonly because you fell for a social engineering scheme or a cleverly designed phishing expedition. The attachments can come to you by e-mail, through a text message, an instant message, on social networks, or even through a visit to an otherwise legitimate but infected website, which exploits a vulnerability in it and drops a drive-by malware download. Also, keyloggers rarely arrive solo. The same Trojan that delivers the keylogger can slip other malware onto your system - such as adware, spyware, ransomware, or even a legacy virus.
How can I detect and remove keyloggers?
Are there tell-tale signs that your device is hosting a keylogger? The answer is, it depends.
A well-designed, commercial-grade keylogger usually works flawlessly, so it does not affect system performance at all. If the keylogger is sending reports to a remote operator, it disguises itself as normal files or traffic. Some of the programs will even display a notice on the screen that the system is being monitored - such as in a corporate computing environment. Others can reinstall themselves if users somehow succeed in finding them and attempt to remove them.
Keyloggers of poorer quality (such as the malware variety) might reveal themselves in a number of ways. The software might subtly degrade smartphone screenshots to a noticeable degree. On all devices, there could be a slowdown in web browsing performance. Or there could be a distinct lag in your mouse movement or keystrokes, or what you are actually typing might not show up onscreen. You might even get an error message when loading graphics or web pages. All in all, something just seems ‘off’.
Of course, the best way to protect yourself and your equipment from falling victim to keyloggers is to scan your system regularly with a quality cybersecurity program. For instance, Malwarebytes is fully equipped to sniff out keyloggers. It uses heuristics, signature recognition, and identification of typical keylogger behaviour associated with keystroke and screenshot capturing to first find the malware, and then remove it.
How can I protect myself from keyloggers?
Avoid keyloggers by avoiding the user mistakes that allow them to infect phones and computers. It starts with keeping your operating system, your applications and web browsers up to date with the latest security patches. Always be sceptical about any attachments you receive, especially unexpected ones, even if they seem to come from someone you know. When in doubt, contact the sender to ask. Keep your passwords long and complex and avoid using the same one for different services.
Real-time, always-on anti-malware protection is the gold standard for preventing infection not only from a keylogger, but also from all other associated malware threats. For all platforms and devices, from Windows and Android, Mac and iPhones, to business environments, Malwarebytes is a first-line defence against the relentless onslaught of cybercriminal attacks.