Be Wary of Keyloggers

In the world of information security, experts know through and through that keyloggers are very sneaky, nasty, dangerous little programs that are a cybercriminal favorite.

It is key to be wary of these sneaky programs that are not immediately noticeable or detectable. Like all forms of software, keyloggers were not initially intended for malicious use, e.g. to spy on someone’s data or breach a device without consent. In fact, keyloggers are used widely today in corporate environments for their ability to monitor and record activity silently in the background, unbeknownst to the user of the device.

The issue is that, with the internet being so innately open, keyloggers are readily available and can be installed on a device by e.g. a jealous partner or stalker. Parents also install these little programs on their children’s devices to monitor what they’re doing. Just like with any beneficial and practical technology, adverse situations do arise with the misuse of these technologies.

Statistically, malicious keyloggers are responsible for a lot of damage and are used in cybercriminal circles. This is why you need to understand what keyloggers are. Also, understanding some scenarios where keyloggers are used is helpful to appreciate what they can do. With that, we can summarize with tips at the end on how to protect yourself from them by using cybersecurity tools and knowledge to your advantage.

What Are Keyloggers Exactly?

A keylogger, a shortened form of keyboard stroke logger, is most often associated today with malicious software. It is a compact program that can record and spy on what is being typed on the keyboard of a device, though it is not limited to that. It logs mouse clicks and key presses, among other things. In cybersecurity circles, keyloggers are known to collect personal and sensitive information, e.g. financial or other private data including account passwords and the all-important PIN code. Modern keyloggers can also do more than just record keystrokes and can interact more deeply with your computer or device: they can take screenshots as well as record your web browsing, email, and instant messaging sessions. Modern keyloggers then leverage the high speed and availability of the internet to send this harvested data to another server for someone on the other side to retrieve.

Keyloggers come in both hardware and software forms, although the latter is much more common and easier to get onto a device. Hardware keylogger devices are more of a James Bond type of deal, in that these devices need to be physically inserted somewhere in the computer or keyboard system without the user knowing. Software keyloggers, on the other hand, can leak onto your system just like most other malicious software: via socially engineered schemes and scams, in the form of email attachments or fraudulent email links. Hardware keyloggers are not totally out of the picture though, as these physical devices can be installed on public computers.

Keyloggers Through History

Keyloggers are nothing new in software and surveillance circles. They existed as far back as the 1970s and are a classic example of basic espionage tools that were then used by the government. For more perspective, let’s talk about how the Soviets used them back in the ’70s. When Soviet spies wanted to snoop on Western adversaries’ information, keyloggers would be used on the electric typewriters used by U.S. institutions at the time. The Soviets, on the other hand, used manual typewriters.

Fast forward to the 1990s, when the internet proliferated globally; a massive wave of software programs became available online and was being shared. With that, the first worms, trojans, viruses, and other malicious software also came out into the light as cybercriminals started figuring out ways to make that all-important profit for themselves or their sponsors. Home user security at the time, coupled with a generally unsecured and unaware public, meant that the opportunities for cybercriminals were ample.

Today, in the 21st century, keyloggers are a different digital beast. As the world has digitally transformed, so has the most sensitive information, e.g. government information. This is why phishing and ransomware have evolved so much: data today is like gold, and cyberwar is a legitimate concern. Keyloggers are used by the best of them (hackers) nowadays to spy on governments, entering from low-level entry points and moving laterally within the network to eventually leak into more confidential areas up the chain.

Scenarios Where Keyloggers Are Used

Keyloggers enter your system the same way any other malicious software such as viruses, shell loaders, worms, and the like do. A file has to be downloaded onto your system and executed for a keylogger to work at all. This can happen across many surfaces: email, P2P networks, text messages, social media, or instant messaging services. It can also happen by what is called a ‘drive-by’ download, whereby simply visiting a malicious website will automatically start the download process in the background. If your web browser, apps, or system is out of date, then these types of websites can exploit vulnerabilities in your system.

There are five types of keyloggers:

  • Form Grabbing-Based Keyloggers
  • Kernel-Based Keyloggers
  • API-Based Keyloggers
  • Acoustic Keyloggers
  • Hardware Keyloggers

Form-grabbing keyloggers grab form submission data; like API-based keyloggers, they intercept data written in an online form rather than logging it directly. Kernel-based keyloggers (hiding within the operating system) and hardware keyloggers (physical devices) are the sneakiest: keystrokes are directly recorded, and they are practically undetectable without specialized software or an expert technician. Finally, acoustic keyloggers are an extremely complex and rarely used type that figures out which keyboard you are using by its acoustic signature. These complicated keyloggers are cumbersome and often inaccurate, so hackers usually do not favor them over others.

Keyloggers have been used for decades to orchestrate major cyber attacks. These cyber attacks have affected millions of ordinary people, as well as businesses, most often in coordinated campaigns used to steal confidential information, e.g. financial information and sensitive communications.

How to Protect Yourself From Keyloggers

Most reputable premium antimalware and antivirus programs can detect the vast majority of keylogger malware in your system and on your devices. However, remember that with sophisticated keyloggers you will not experience hangs, freezes, slow internet connection, or hiccups in your system (with the low-quality ones you will, though). To be even more effective at pinpointing any suspicious programs, you can open Task Manager in Windows, or Activity Monitor on your Apple system, to see a list of programs currently running in the background.

There are also downloadable apps that let you check the running processes on your mobile devices, as these run a bit differently than desktop computer systems. You can cross-check the authorized system processes with any suspiciously named processes running in the background. Next, you must keep your operating system updated so that your firewall itself, the first line of defense, is up-to-date with the latest security algorithm. In general, keeping all of the apps you use, including your web browser, updated is crucial, almost as crucial as avoiding repeating your passwords across accounts and making them short and predictable.
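
The cross-check described above can be scripted: record the processes running while the machine is known to be clean, then list anything that shows up later and is not in that record. This is an added example, not part of the original article; the process listings, paths and function names are constructed for illustration.

```python
import subprocess

# Constructed `ps -A -o pid= -o comm=` listings (sample data, not from a real host).
CLEAN_LISTING = """\
    1 /sbin/launchd
  312 /usr/sbin/syslogd
  588 /Applications/Safari.app/Contents/MacOS/Safari
"""
LATER_LISTING = """\
    1 /sbin/launchd
  312 /usr/sbin/syslogd
  640 /Applications/Safari.app/Contents/MacOS/Safari
  901 /Users/alex/Library/Application Support/.upd/inputhelper
  902 /Users/alex/Library/Application Support/.upd/inputhelper
"""

def parse_ps(text):
    """Yield (pid, command) pairs; the command may contain spaces."""
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].isdigit():
            yield int(parts[0]), parts[1]

def build_baseline(clean_text):
    """Commands seen while the machine was known to be clean."""
    return {cmd for _, cmd in parse_ps(clean_text)}

def unknown_processes(current_text, baseline):
    """Map each command missing from the baseline to its PIDs."""
    unknown = {}
    for pid, cmd in parse_ps(current_text):
        if cmd not in baseline:
            unknown.setdefault(cmd, []).append(pid)
    return unknown

def live_listing():
    """Current process list on macOS or Linux (POSIX ps options)."""
    return subprocess.run(["ps", "-A", "-o", "pid=", "-o", "comm="],
                          capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    # Swap LATER_LISTING for live_listing() to check the machine you are on.
    found = unknown_processes(LATER_LISTING, build_baseline(CLEAN_LISTING))
    for cmd, pids in sorted(found.items()):
        print(f"not in baseline: {cmd} (PIDs {pids})")
    # A kernel-based or hardware keylogger does not appear in this list.
```

An entry that is missing from the baseline is only a prompt to look closer, since newly installed legitimate software shows up the same way.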

Most importantly, let’s understand that it is practically impossible to download malware if all you do is visit legitimate, HTTPS-secured, SSL-certified websites that are reputable (unless someone is purposefully spying on you). Also, if you regularly do antimalware and antivirus checks and keep your firewall enabled, it is even less likely, perhaps only in the case that you log into an unsecured WiFi hotspot (which can be resolved by using a VPN). The moment you venture onto the more illicit or pirated content areas of the internet, you are most probably visiting malicious, unsecured, and uncontrolled websites that may contain keyloggers, among other malware.