The term keylogger is used to designate any computer process (software or hardware) capable of recording the sequences of keys typed on a keyboard, as well as the events triggered by them. This is a type of spyware (virus) that specializes in spying on keystrokes on the computer that hosts it.
A keylogger can collect and transmit your identifiers, passwords, credit card code, the name under which you open a session, and so on. With a keylogger, recovering such information becomes child’s play.
A keylogger is not a virus, since it does not modify anything on the computer; it only records the information typed on the keyboard. It is clearly a spy program. It is most often software, but in rare cases it may be hardware in the form of a box or cable that sits between the keyboard and the computer.
The keylogger discreetly sends the data to a remote Internet server or to the e-mail address of a hacker who can exploit it. Usually, the data thus transmitted is encrypted so that the hacker is the only one who can read the information collected.
So even if you found the offending file, you wouldn’t know its malicious nature. A keylogger may even have a “self-destruct” function so that it is impossible to trace the hacker.
What can a keylogger do on a computer?
Here are some other standard features of a keylogger:
- Regularly email an attacker with the latest keystrokes. This method of sending keystrokes to an attacker is most easily detected when the targeted user’s email account is used, leaving a trail in the “Sent” box pointing to the attacker’s email address.
- Wireless transmission of stolen data using Wi-Fi or device data plan, if available.
- In some cases, keyloggers include malicious applications that allow remote control of local devices.
- Copying clipboard contents to detect stored passwords when users copy and paste a password into a window. For example, stealing clipboard contents could allow an attacker to gain access to keys associated with a user’s cryptocurrency wallet.
- Screenshots of desktop windows. With this feature, an attacker can capture information when the user has configured autofill on their browser. For example, a user may have a cookie stored that remembers the account name for a financial website. The user types the password into the website, so the keystroke log contains only the password and not the username. With the screenshots, the attacker sees the auto-populated username in the image, while the password is captured as keystrokes.
- Activity tracking to capture user mouse clicks and device actions. By tracking mouse clicks, the attacker can determine currently open files and folders. This could give a remote attacker the ability to determine important files that contain sensitive information.
- Some keylogger malware can record the voice and camera of infected computer systems.
How do I remove a keylogger?
The steps to take to remove a keylogger depend on the malware installed.
Well-written, complex keyloggers can persist on the system even if you think they’ve been deleted. The best way to remove a keylogger is to run a scan of your system and let the anti-malware app remove it.
Most anti-malware software lets you quarantine suspicious apps instead of deleting them automatically. In a quarantine scenario, executable files are moved to a directory on the device where users can review them before permanently deleting them.
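The quarantine behaviour described above, as an added Python example (not taken from this article or from any anti-malware product): the file is moved into a private directory, renamed after its SHA-256 hash, stripped of execute permission, and logged so it can be reviewed or restored later. The function names, the manifest.jsonl file and the sample file are assumptions made for this example.

```python
import hashlib
import json
import os
import shutil
import stat
import tempfile
import time
from pathlib import Path


def quarantine(suspect: Path, qdir: Path) -> dict:
    """Move a suspicious file into qdir, strip execute rights, log it."""
    qdir.mkdir(mode=0o700, parents=True, exist_ok=True)
    digest = hashlib.sha256(suspect.read_bytes()).hexdigest()
    # Store under the hash with a neutral suffix: the file cannot be launched
    # by accident and a second sample with the same name cannot overwrite it.
    dest = qdir / f"{digest}.quarantined"
    entry = {
        "original_path": str(suspect.resolve()),
        "sha256": digest,
        "stored_as": dest.name,
        "quarantined_at": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
    }
    shutil.move(str(suspect), str(dest))
    os.chmod(dest, stat.S_IRUSR)  # owner read-only, no execute bit
    with (qdir / "manifest.jsonl").open("a", encoding="utf-8") as fh:
        fh.write(json.dumps(entry) + "\n")  # record kept for later review
    return entry


def restore(entry: dict, qdir: Path) -> Path:
    """Return a reviewed false positive to its original location."""
    src = qdir / entry["stored_as"]
    if hashlib.sha256(src.read_bytes()).hexdigest() != entry["sha256"]:
        raise ValueError("quarantined file changed since it was stored")
    os.chmod(src, stat.S_IRUSR | stat.S_IWUSR)
    return Path(shutil.move(str(src), entry["original_path"]))


def demo() -> dict:
    """Exercise quarantine() on a constructed, harmless file in a temp dir."""
    work = Path(tempfile.mkdtemp())
    sample = work / "suspicious_tool.bin"  # constructed sample, not malware
    sample.write_bytes(b"constructed sample bytes")
    os.chmod(sample, 0o755)
    entry = quarantine(sample, work / "quarantine")
    return {"entry": entry, "work": work, "sample": sample}
```

Recording the hash and original path at quarantine time is what makes the later review possible: the hash can be compared across scans, and the path shows where the file was found.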
If you suspect that a keylogger is installed on your device, the first step is to disconnect from the internet so that any attacker with remote control over the machine can no longer log in.
Disconnecting also prevents the malware from communicating with an attacker-controlled server and uploading stolen data to a third-party cloud location.
An infected machine should not be on your private network, but you still need to get an anti-malware application onto the infected device.
If the anti-malware application is not already installed, you should download it from the Internet or transfer the installation files from a network computer to the infected computer.
You can also transfer files from a mobile device like a smartphone or USB drive. You should be careful when transferring files from another device because sometimes malware transfers files to the connected device.
After installing anti-malware software, start a scan on the computer. The anti-malware program can be configured to automatically delete files or quarantine them. It also needs to remove the keylogger from memory so that it can no longer record keystrokes.