When we think about malware/viruses, we usually assume malicious software that is supposed to corrupt our device OS, steal stored data, or prevent access to our data. This thinking usually turns a blind eye to the elephant in the room: keyloggers.
Keyloggers are one of the most dangerous types of malware, if not the most. The purpose of a keylogger is to steal your account passwords and financial information, which directly leads to financial and identity loss.
On top of being dangerous, traditional malware protection measures like antivirus aren’t sufficient to protect against keyloggers.
In this article, we’ll dive deep into the world of keyloggers. I’ll talk about what they are and, most importantly, how you can protect yourself from this sneaky and dangerous type of malware.
What Are Keyloggers?
The basic function of a keylogger is to track and record keyboard keystrokes. It usually stores whatever you type using the keyboard in a hidden file and then send the file to the hacker via email or upload it to a server/website.
The hacker can then use the data to steal passwords that you enter while logging in and also credit card information. In a targeted attack, they can also steal sensitive information and company plans.
There are two types of keyloggers, software keyloggers, and hardware keyloggers. Both steal information but work in different ways and require different solutions for protection.
#1. Software Keyloggers
These are the most common type of keyloggers that are usually used for non-targeted large-scale attacks. Once installed on a PC, they work in the background and both record and send data without revealing themselves.
They are created to either work using Windows API or Windows Kernel. Windows API-based keyloggers work like a regular program and usually hide by acting like a legitimate program. You can find them running in the Task Manager or installed programs list.
Windows Kernel-based keyloggers have higher privileges, and they can hide in other Windows processes. They are harder to detect by a user without the help of an antivirus program that specifically looks for rootkit-like behavior. Furthermore, they also have better access to information as they have system-level privileges, unlike Windows API-based, which are limited to the user’s privilege level.
#2. Hardware Keyloggers
A hardware keylogger is a physical device that is attached to the keyboard wire or USB port to steal data. They usually don’t have software attached, so it’s impossible for a user or an antivirus to detect them from the OS. However, this also means they are only limited to recording keystrokes.
Although some advanced keyloggers can also install software or firmware to record more data and execute tasks. But of course, then they also become detectable by antivirus. The recorded data can be sent back to the hacker using a built-in wireless device or data-sharing software. The hacker can also physically take out the device if possible, to view the data.
As it’s a physical device, a hardware keylogger is used in a targeted attack, usually in an enterprise, to steal sensitive information.
Using Keyloggers Legally or Illegally
Usually, keyloggers are seen as illegal or at least unethical. However, they have legal uses depending on what purpose you are using and your country’s laws against them.
In most cases, installing a keylogger on a device that you own isn’t considered illegal. Most device monitoring apps advertised to parents and employers to monitor the kids or employees have a keylogger built-in.
Although, some countries may have laws that force individual consent first. ECPA in the US and PIPEDA in Canada force employers to get employees’ consent. However, many countries and states allow hidden monitoring, which is why spying apps and anti-spyware apps exist.
Of course, any keylogger that is installed on an unowned device without consent is illegal.
How Dangerous Are Keyloggers?
The sole purpose of keyloggers is to steal sensitive information that can be dangerous in the wrong hands, and they are really good at it. Unlike phishing attacks, which rely on users mistakenly entering information on a malicious webpage, keyloggers can outright steal anything, and everything typed out using the keyboard.
Hackers are also really good at filtering overwhelming data stolen, like only opening data with @ sign or numbers. Below are some good reasons why keyloggers can be dangerous.
They Are Not Alone
Many modern keyloggers can do more than just record keystrokes. If you become a victim, there is a good chance more than just the keyboard activity is being recorded. The information they can steal includes clipboard content, your activities within the OS, URLs you access, and screenshots of your activity.
They Affect Both PCs and Smartphones
Keyloggers are a threat to both PCs and smartphones, with smartphone keyloggers maybe even more sophisticated than their PC counterparts. As smartphones have better permissions to track exactly what’s happening on the phone, keyloggers can steal and display data in a better way.
They Can Lead To Social Engineering Attacks
Most sophisticated social engineering attacks, and even whaling phishing attacks, use a keylogger to learn more about the individual. Even if they can’t steal the account information due to extra security (more about this later), they can still learn more about the individual for a social engineering attack.
Privacy Breach And Blackmailing
As they can record everything typed out, they can also read your messages sent to other people on social media or email. If it’s a targeted attack, the hacker can blackmail the user for any illicit activity that was supposed to stay private.
How To Protect Against Keyloggers?
Just like any other malware, you can save your PC from getting infected by a keylogger by using the proper protection tools and not downloading malicious software. You can also adopt some practices that could protect you even if your PC gets infected. Below are all possible ways you can protect against keyloggers:
#1. Get Antivirus With an Anti-keylogger
A basic antivirus won’t work very well against keyloggers. You need a strong solution that has both a keylogger scanner and a rootkit scanner. Avast One not only provides amazing anti-malware and online protection but also has a keylogger remover and rootkit scanner.
Its active protection will prevent most keyloggers from installing, both Windows API and Kernel-based.
#2. Use Keystroke Encryption Software
A keystroke encryption software will encrypt your keystroke at the kernel level to ensure only the app where you are typing can read the data. This prevents any keylogger from seeing the keystrokes. These apps usually have a predefined list of apps they can encrypt, so make sure the software supports the apps you use.
I recommend KeyScrambler for this as it supports hundreds of apps, including browsers, standalone, and business apps. The best part is that its free version at least keep your keystrokes in the browser safe, while most other don’t even have a free version.
#3. Use Virtual Keyboard
Many keyloggers don’t track words typed by the virtual keyboard. For sensitive information like login credentials, you can open up the virtual keyboard to enter the words using mouse clicks. In Windows, you can press the Ctrl+Windows+O key combination to launch the virtual keyboard.
#4. Avoid Suspicious Links And Downloads
Most keyloggers install on the PC acting as legitimate software or are bundled with legitimate software. Don’t download content from untrustworthy sources, and be extra careful while installing to avoid accidentally installing anything extra.
Illegal or unethical content usually has a higher chance of having malware like a keylogger. So avoid downloading copyrighted content, hacks/cheats, automatic fixing tools, and most things involving torrenting.
Suspicious links received via emails are a big no-no, too, as they can lead to a webpage that could automatically download a keylogger.
#5. Use a Password Manager
A password manager protects all your passwords in an encrypted vault and automatically fills login credentials wherever needed without needing to use the keyboard. As the keyboard isn’t used to type the password, a keylogger can’t steal the credentials.
1Password is one such password manager that gives plenty of space to store passwords and documents and works on both PCs and smartphones. Unfortunately, you still need to type the master password used to authenticate a password manager, which can be stolen. Although that can be prevented with 2-step verification (more on it next).
#6. Enable 2-Step Verification When Possible
2-Step Verification adds an extra layer of security by asking for further authentication, usually done by a secondary device. Even if your password gets compromised — say, by a keylogger — the hacker still needs access to the secondary device.
All password managers and most popular apps/services offer a 2-step verification feature. Popular services like Google, Dropbox, Facebook, Slack, Twitter, 1Password, Zapier, and Apple Accounts, among others, offer 2-step verification.
#7. Avoid Public Devices
Public devices can have both software or a hardware-based keylogger to steal information. Avoid using public devices to access sensitive information. If you must access it, then at least change your credentials afterward from a safe PC.
#8. Restrict Software Installation as an Admin
If the PC administration of a company is in your hand, then preventing software installation is a good way to prevent keylogger installation. As most work PCs don’t need additional software to work, you can configure Windows to not allow software installation by users.
#9. Keep OS Up-To-Date
An outdated operating system can have security vulnerabilities that could be abused to install and execute keyloggers. This holds true for both PCs and smartphones. You need to have the latest operating system, but it must be new enough to receive security patches.
#10. Always Have the Firewall Enabled
For Windows, make sure the firewall isn’t down. As keyloggers need to make suspicious connections. They usually get caught by the firewall when they try to send data back to the hacker. You can also try using GlassWire, which tracks each and every connection you make (more on it later).
How To Detect If Your PC is Infected?
If you think your PC got infected even after the protection measures, there are a bunch of clues and tools that could help confirm it. Below you’ll find some common pointers:
#1. Sudden Slow PC Performance
There can be many things that could affect PC performance, like unoptimized settings or bad hardware health. However, if it’s a sudden drop, it could be due to a keylogger. Such malware is usually badly coded, and some also send data back to hackers continuously, which can affect PC performance.
This is especially true if your keyboard and mouse movements are lagging. For example, anything you type has a 200ms+ delay, and the same for mouse movement. Furthermore, if the mouse cursor also disappears randomly, it could be a keylogger’s doing.
#2. Use Task Manager
Task Manager can show the exact processes opened. If it’s a Windows API-based keylogger, it will show up in the Task Manager. Open the Task Manager by pressing Ctrl+Shift+Esc key combination.
Here right-click on the top heading area and enable the Publisher option. This will let you skip through all Windows-related processes because they all have Microsoft as their publisher. For the rest, just look for processes for apps that you didn’t install or don’t know much about. If you find any, search for it online to see if it’s a legit program or not.
#3. Check Recently Accessed Files
Since keyloggers usually record data in a hidden file, it should show up in recent files in Windows whenever it is edited. This area only shows recent files opened by the user, so any file you don’t remember opening should raise suspicion. You can search for the culprit file online or try viewing its data by opening it as a notepad file.
To access recent files in Windows 11, open Start Menu and click on the More button at the bottom-right side. This will show all recently opened/edited files.
#4. Detect Hardware Keyloggers
A hardware keylogger is usually shaped like a USB with a USB port in the back where the keyboard wire is inserted. It’s really easy to detect, but more tricky ones are available too that could act like a charger or a USB cable. Some of them could even be installed inside the CPU, hidden from plain sight.
If you are suspicious, checking all USB ports and the keyboard wire is your best bet to find a keylogger. You can also open the CPU case and see if anything extra is attached to the USB ports.
#5. Use a Network Tracker
A network tracker like GlassWire will not only work like a firewall to stop suspicious connections but also notify you of every connection. By default, it’s configured to notify you whenever a connection to a new server is made. You can view exactly which app created the connection and to where.
Using this info, you can detect suspicious connections manually, even if GlassWire doesn’t detect them automatically.
What To Do If Your PC is Infected?
So you found out your PC is infected and maybe even found out the exact app, which is a keylogger. The solution is simple: get rid of it. Most Windows API-based keyloggers will allow you to uninstall it easily, like any other app, although some may resist.
Below are some things you can do to get rid of the infection, whether it’s known or not:
Use an Uninstaller Program
If you detected the keylogger app, then it’s best to delete it using a third-party uninstaller app. Such an app will not only delete the main app but also delete any associated data, including registry entries. Furthermore, if the app resists getting uninstalled, an uninstaller will just delete everything associated with it to stop it from working.
IObit Uninstaller is my favorite app for this purpose. You can either pick the keylogger from the programs list or browse the PC and add its executable file. If, for some reason, you still can’t delete it, try launching Windows in Safe mode and delete again.
Run a Deep Scan With an AntiVirus
Again, I’ll recommend Avast One for this. It has both a Deep Scan and a Boot-Time scan. The deep scan will search every corner of your OS for any malware. If it can’t find and delete the keylogger, then the Boot-Time scan will scan the PC even before the OS and kernel-level apps could interfere with the scan.
Restore or Reinstall the OS
The above two methods should work. However, if nothing works, you have the option to reset it instead of dealing with an infected device. There are multiple ways to go about this. You can restore the PC to a previous date before it got infected, reset it fully, or even uninstall it completely and install a new OS.
In Windows Settings, go to System > Recovery to find these options. If you choose to fully reset, make sure you back up the important data.
Final Thoughts đź’
Reading before clicking on something and avoiding illegal/unethical content is usually enough to stay safe from most malware attacks. If you are careful, even the basic Windows Defender and the firewall are enough to keep you safe. Although for the conscious ones, Avast One and GlassWire are a good combination of protection against keyloggers and other malware.
You may also explore some paid and free virus removal scanners.
