What Is a Keylogger? The Top 5 Types

SoftwareLab Blog

By: Tibor Moes / Updated: February 2019

What is a Keylogger?

A keylogger is a tool that hackers use to monitor and record the keystrokes you make on your keyboard. Whether they’re installed on your operating system or embedded into the hardware, some keyloggers can be very difficult to detect. Read on to learn more about the most common types of keyloggers and the ways to remove them from your computer.

What you will find out in this article: 

  1. What Is a Keylogger?
  2. What Types of Keyloggers Exist?
  3. Examples of Keylogger Attacks
  4. How to Remove a Keylogger

Hackers can use keyloggers to steal your passwords, credit card info, and bank account details. Don’t put your internet safety at risk! Take a look at our comparison of the best antivirus software and keep your computer and data safe.

Tibor Moes

Founder, SoftwareLab

Keyloggers

While the continuous development of technology has certainly made our lives easier, it has also allowed cybercriminals to monitor our online activity in new and advanced ways. Some cyber threats have become so sophisticated that they may be able to bypass even state-of-the-art cybersecurity software. Keyloggers are a perfect example of these “silent” cyber threats – they give hackers easy access to your personal information but can be almost impossible to detect until it’s too late.

What is a Keylogger?

A keylogger is a tool or a technology that monitors and logs consecutive keystrokes made on a keyboard. It normally operates in a covert fashion so that potential victims wouldn’t suspect that their activities are being monitored. Hackers can use this tool to record their target’s browsing activity and obtain their personal information, which they can then use for their own financial gain by blackmailing the target, withdrawing funds from their bank account, or selling the info to other cybercriminals on the dark web.

Although they are most often used for malicious purposes, keyloggers can also be used for several relatively legitimate reasons. For one, parents can install a keylogger to track what their children are doing online and receive notifications of any unusual activity. Similarly, business owners and managers can use them to ensure optimal productivity of their staff, as well as to verify that the employees aren’t giving away company secrets. Finally, jealous partners can use keyloggers to track their other half’s online activity.

Often erroneously described as malicious software, keyloggers aren’t always software-based. They can also be hardware-based, in which case they are either built into hardware or available as a separate device. As far as software-based keyloggers are concerned, unless they are legitimate, they are usually bundled with malware, spyware, or a virus. Hackers typically distribute this malicious keylogging software via phishing emails that include compromised attachments and/or links to infected websites.

A survey from 2005 found that more than 15 percent of corporate computers were running some type of keystroke logging software. Seeing as more than 80 percent of business owners in the United States have admitted to monitoring their employees’ activity in some way, it is safe to assume that the number of active keyloggers is much higher nowadays. Any unauthorized use of keylogging software is considered illegal in the United States, and the persons responsible for it could serve up to 20 years for wiretapping.

What Types of Keyloggers Exist?

Depending on which part of the computer they are embedded into, all keyloggers can be categorized as either software-based or hardware-based. The five most common types of keyloggers across both these categories include the following:

  1. API-Based Keyloggers

API-based keyloggers are by far the most common. These pieces of keylogging software use the keyboard API (short for application programming interface) to record your keystrokes. Each time you press a key, a notification is sent to the application you are typing in so that the typed character would appear on the screen. API-based keyloggers intercept these notifications and capture each of them as a separate event. The logs are then kept in a file on the system hard drive for easy retrieval by the hacker.

  2. Form Grabbing-Based Keyloggers

Rather than logging each keystroke separately, form grabbing-based keyloggers log the data from your web forms upon submission. Similar to API-based keyloggers, they intercept the submission notification to log all the information you have entered in the form. This can include your full name, address, email, phone number, login credentials, or credit card info. The whole process takes place as soon as you hit the “Submit” or “Enter” button and is completed before your form data is submitted to the website.

  3. Kernel-Based Keyloggers

As the name suggests, kernel-based keyloggers inhabit the core of your computer’s operating system (also known as the kernel), which makes them very difficult to detect and remove. They hide inside your operating system and record your keystrokes as they pass through the kernel. Because they are more difficult to write, these keyloggers are rarer than other software-based varieties. They are distributed via rootkits, malicious software bundles that can bypass your computer’s kernel and target the hardware.

  4. Hardware Keyloggers

Hardware keyloggers are devices that use the circuitry inside a keyboard to log keystrokes. They are most often built into the keyboard, although they are also available as either a USB connector (for personal computers) or a Mini-PCI card (for laptop computers). Rather than relying on software to store the logged keystrokes, all records are kept in the internal memory of the device. However, this also means that hackers must have physical access to the keyboard in order to retrieve this information.

  5. Acoustic Keyloggers

Acoustic keyloggers are very complex and are therefore rarely used. They utilize the principles of acoustic cryptanalysis to record your keystrokes on the hardware level. No matter what keyboard you’re using, each key on it has a unique acoustic signature. The differences are subtle, but individual signatures can be determined by analyzing a sample through a variety of statistical methods. However, not only is this very time-consuming but the results might not be as accurate as with other types of keyloggers.

Examples of Keylogger Attacks

Hackers around the world have been using keyloggers for at least two decades to carry out major cyber attacks against individuals, businesses, and networks. Some of the most notable examples of keylogger attacks include the following:

  • In 2016, a major survey conducted by a US-based cybersecurity firm revealed that businesses from 18 countries were targeted as part of a coordinated campaign that used the Olympic Vision keylogger to obtain confidential business-related information. Distributed via fake emails allegedly sent by business associates, this software-based keylogger logged not only keystrokes but also clipboard images and texts, saved logins, and instant messaging chat histories.
  • In 2007, a group of Romanian hackers launched a global phishing campaign that involved the sending of malicious emails to millions of email addresses. When potential victims clicked on the link included in these emails, a software-based keylogger would be installed on their computers. The perpetrators of this cyber attack were finally identified in October 2018, when it was also revealed that they had stolen more than $4 million since the launch of the attack.
  • In 2015, a UK student was arrested and sentenced to four months in prison after it was revealed that he had used keystroke logging software to up his exam marks. He installed the software on the computers at his university and used it to steal the staff’s login info. After that, he used the login info to access his university records and up the marks on five of his exams.

How to Remove a Keylogger

Some types of keyloggers are easily detected and removed by the best antivirus software, but some others may prove very difficult to identify and isolate from your system. That’s because many software-based keyloggers are designed like legitimate software and are thus able to bypass most antivirus or anti-malware programs. To make matters worse, some keyloggers run at a higher level of privilege than standard cybersecurity software, which makes them next-to-impossible to detect and remove.

If you suspect that someone may have installed a keylogger on your computer but your anti-malware software isn’t detecting anything, you may be able to find it in Windows Task Manager. Simply launch Task Manager and take a close look at the list of active processes to see if there’s anything out of the ordinary. If necessary, ask someone tech-savvy to help you with this step. You can also check your system’s firewall for any suspicious activity, such as unusual amounts of incoming and/or outgoing data.
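The process and network review described above can also be scripted. The following PowerShell sketch is an added example, not part of the original article: it lists running processes whose image has no valid signature, runs from a user-writable folder, or carries a system process name outside the Windows system directories, together with any established outbound connections they hold. The path fragments and process-name list are assumptions to adjust for your own machines, and the output is a list of leads to investigate rather than a verdict.

```powershell
# Added example (not from the original article). Run from an elevated prompt so
# ExecutablePath is populated for processes owned by other users.
# Assumption: these path fragments mark user-writable locations; tune for your hosts.
$userWritable = '\AppData\', '\Temp\', '\Users\Public\', '\Downloads\'
# Assumption: names that should only ever run from the Windows system directories.
$systemOnly = 'lsass.exe', 'services.exe', 'csrss.exe', 'winlogon.exe', 'svchost.exe'
$sysDirPattern = '^' + [regex]::Escape($env:SystemRoot) + '\\(System32|SysWOW64)\\'

# PID -> established non-loopback remote endpoints (the network side of the check).
$remote = @{}
foreach ($c in Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue) {
    if ($c.RemoteAddress -in '127.0.0.1', '::1') { continue }
    $key = [string]$c.OwningProcess
    if (-not $remote.ContainsKey($key)) { $remote[$key] = @() }
    $remote[$key] += "$($c.RemoteAddress):$($c.RemotePort)"
}

$findings = foreach ($p in Get-CimInstance -ClassName Win32_Process) {
    $path = $p.ExecutablePath
    if (-not $path) { continue }    # no readable image path (e.g. System, Idle)

    $reasons = @()
    $sig = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue
    if (-not $sig -or $sig.Status -ne 'Valid') { $reasons += 'no valid signature' }
    foreach ($frag in $userWritable) {
        if ($path -like "*$frag*") { $reasons += 'user-writable path'; break }
    }
    if ($p.Name -in $systemOnly -and $path -notmatch $sysDirPattern) {
        $reasons += 'system name outside system directory'
    }
    if ($reasons.Count -eq 0) { continue }

    [pscustomobject]@{
        Id      = $p.ProcessId
        Name    = $p.Name
        Reasons = $reasons -join '; '
        Remote  = $remote[[string]$p.ProcessId] -join ', '
        Path    = $path
    }
}

# Most indicators first; a flagged process that also holds outbound connections
# deserves the closest look.
$findings | Sort-Object { ($_.Reasons -split '; ').Count } -Descending |
    Format-Table -AutoSize -Wrap
```

Legitimate software such as per-user installers and updaters will appear in this list, so compare the results against what you knowingly installed before removing anything.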

As with all other cyber threats, the best way to stay safe from keylogger attacks is to use the best antivirus software and run regular scans of your computer. To ensure that you’re protected against the latest threats, you should configure your antivirus program to automatically download virus definition updates. Finally, don’t open any links or attachments included in suspicious emails as they might initiate an “invisible” download of a keylogger, spyware, adware, or some other type of malicious software.