Keystroke logging (keylogging) is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. A keylogger doesn’t have to be software; it can also be a hardware device. Legitimate programs may have a keylogging function which can be used to call certain program functions using “hotkeys,” or to toggle between keyboard layouts. There is a lot of legitimate software which is designed to allow administrators to track what employees do throughout the day, or to allow users to track the activity of third parties on their computers. However, the ethical boundary between justified monitoring and espionage is a fine line.
Most modern keyloggers are considered to be legitimate software or hardware and are sold on the open market. Developers and vendors offer a long list of cases in which it would be legal and appropriate to use keyloggers.
Some Legitimate Examples:
- Parental control: parents can track what their children do on the Internet, and can opt to be notified if there are any attempts to access websites containing adult or otherwise inappropriate content.
- Jealous spouses or partners can use a keylogger to track the actions of their better half on the Internet if they suspect them of “virtual cheating”.
- Company security: tracking the use of computers for non-work-related purposes, or the use of workstations after hours.
- Company security: using keyloggers to track the input of keywords and phrases associated with commercial information which could damage the company (materially or otherwise) if disclosed.
- Other security (e.g. law enforcement): using keylogger records to analyze and track incidents linked to the use of personal computers.
Any legitimate keylogging program can still be used with malicious or criminal intent. Today, keyloggers are mainly used to steal user data relating to various online payment systems. Furthermore, many keyloggers hide in the system (with rootkit functionality), which makes them fully-fledged Trojan programs. Unlike other types of malware, keyloggers present no threat to the system itself. Nevertheless, they can be a serious threat to users, as they can be used to intercept passwords and other confidential information entered via the keyboard. As a result, cybercriminals can get PIN codes and account numbers for e-payment systems, passwords to online gaming accounts, email addresses etc.
Once a cybercriminal has got hold of confidential user data, they can easily transfer money from the user’s account or access the user’s online gaming account. Keyloggers also can be used as tools in both industrial and political espionage, accessing data which may include proprietary commercial information and classified government material which could compromise the security of commercial and state-owned organizations (for example, by stealing private encryption keys).
How to Prevent
Most antivirus companies have already added known keyloggers to their databases, so protecting against keyloggers is no different from protecting against other types of malicious programs: install an antivirus product and keep its database up to date. However, virus writers are constantly writing new keylogger Trojans to capture confidential data.
Since the main purpose of keyloggers is to get confidential data (bank card numbers, passwords, etc.), the most logical ways to protect against unknown keyloggers are:
- Using one-time passwords or two-step authentication,
- Using a system with proactive protection designed to detect keylogging software,
- Using a virtual keyboard.
But the most important way to prevent any malware is common sense. If something doesn't look right, don't use or install it.