Security Center

Learn about the latest cyber threats and how to protect yourself.

Security Center / Definitions / Keyloggers

Keyloggers

Keyloggers

Some cyber threats your home computer, and by association you also can face, seem like they are borrowed straight out of sci-fi or spy movie. But they are as real as real can be, and while you might not know it yet, but you are their target.

According to the SophosLabs 2019 Threat Report , attackers are upping the ‘innovativeness’ ante. They’re exploiting vulnerabilities with a range of malware exploits like a keylogger attack. 

What is a keylogger?

A keylogger is spyware (belonging to the ever-growing family of malware). It’s one of the most insidious types of attacks. Imagine you’re typing something on the keyboard (like entering sensitive data!). You believe nobody is watching, but in fact, keylogging software is hard at work logging everything that you are typing.

Keyloggers are activity-monitoring software programs that give hackers access to your personal data. The passwords and credit card numbers you type, the webpages you visit, all by logging your keyboard strokes. The software is installed on your computer,which records everything you type. Then it sends this log file to a server, where cybercriminals are waiting to make use of all this sensitive information.

If keyloggers seem like Hollywood fiction, that’s because we’ve seen them on the silver screen before. You might remember Tom Cruise’s character using one a Mission Impossible film, and the popular hacker show Mr. Robot bases a key plot point around keyloggers.

These cybercriminals aren’t just eavesdropping on whatever you are typing. They have ringside seats!

They aren’t always illegal

Reading the keylogger definition, you might think all keyloggers are illegal.

No, they aren’t. Surprising, right? They aren’t illegal! They do have legitimate, useful applications. For example, keyloggers are often used by IT departments of organizations to troubleshoot problems and systems. Also, they can keep an eye on employee activities. And on a personal level, you can keep an eye on what your kids are up to on your computer. Plus there are plenty of other perfectly legal use cases for installing a keylogger on computers.

Keylogging goes south and becomes a threat if there is malicious intent behind keyloggers. To put it simply, if you install a keylogger on a device you own, it is legal. If you do not own the device and are installing the keylogger behind the back of the actual owner, to steal data, it is illegal.

Two types of keyloggers

Some keyloggers can be hardware devices embedded within your internal PC hardware. They also come as a form of a plug placed between the CPU box and keyboard cable in an inconspicuous manner. In either case, someone will have to physically plant the hardware into your PC or its peripherals. This will require a rare degree of secrecy, if it needs to be achieved clandestinely.

The second type of keyloggers are software that can be easily installed on victims’ devices. While this software is a type of malware, it is “good” malware, wherein it doesn’t harm its host. Its sole job is to snoop into the keystrokes and not impact the computer. You merrily go about your business, while undetectable keyloggers start stealing personal or sensitive data, without you being the wiser.

Keylogging attack path

Attack tactics like phishing and social engineering are some of the common ways keyloggers are introduced to and installed on computers. But there is another way this software can find its way to your computer. Think of a scenario where you make your way to a filesharing site and choose a software download. While doing so, you get something extra in the bargain. Unbeknownst to you, your software came bundled with a keylogger. This way a keylogger can infiltrate your “safe” computer.

How to remove a keylogger (prevention is better than cure)

Taking responsibility for your personal computer’s security is the first step towards getting some sort of protection from a keylogger attack. Irresponsible use of a computer is a security hazard and can put your data at risk.

Here are a few tips for keylogger removal to avoid getting sucked into the “maelstrom” of cyberattacks:

  • If you really think your computer can be a target of keyloggers, keep checking for unwanted/un-downloaded software, and delete it
  • Don’t download files from unknown sources
  • While entering password info on banking sites, use a virtual keyboard; in fact, use a virtual keyboard wherever possible
  • Use a password manager, as the manager will automatically enter the password, making keystrokes redundant (no keystroke, no keystroke logging)
  • Use a powerful and next-gen antivirus and internet security suite that can keep your personal computer safe from advanced and evolved cyberattacks and identify and remove malicious software for you

A comprehensive internet security suite holds the key

With Sophos Home you get the advantage of AI-enabled security that helps protect your PC and laptops from advanced viruses, exploits, malware, and ransomware attacks. You can get your hands on free endpoint protection for 30 days and move to Sophos Home Premium when you’re ready to upgrade.

Sophos Home’s ‘Privacy Protection’ feature protects your privacy from unauthorized intrusion and encrypts everything you type, such as usernames and passwords. It prevents hackers from capturing your sensitive data or accessing your online accounts. Sophos Home also guards your banking and credit information from malicious third parties and keylogger software.

Sophos Home Free includes a free 30-day trial of Premium plus an immediate Advanced Malware Removal to thoroughly clean your computer of any current malware infections.

Download Free Edition