
keylogger (keystroke logger or system monitor)

Contributor(s): Taina Teravainen

A keylogger, sometimes called a keystroke logger or system monitor, is a type of surveillance technology used to monitor and record each keystroke typed on a specific computer's keyboard. Keylogger software is also available for use on smartphones, such as Apple's iPhone and Android devices.

Keyloggers are often used as a spyware tool by cybercriminals to steal personally identifiable information (PII), login credentials and sensitive enterprise data. Keylogger recorders may also be used by employers to observe employees' computer activities, parents to supervise their children's internet usage, users to track possible unauthorized activity on their devices or law enforcement agencies to analyze incidents involving computer use. These uses are considered ethical or appropriate in varying degrees.

Types of keyloggers

A hardware-based keylogger is a small device that serves as a connector between the computer keyboard and the computer. The device is designed to resemble an ordinary keyboard PS/2 connector, part of the computer cabling or a USB adaptor, making it relatively easy for someone who wants to monitor a user's behavior to hide such a device. 

Most workstation keyboards also plug into the back of the computer, keeping the connections out of the user's line of sight. A hardware keylogger may also come in the form of a module that is installed inside the keyboard itself. When the user types on the keyboard, the keylogger collects each keystroke and saves it as text in its own miniature hard drive, which may have a memory capacity of up to several gigabytes. The person who installed the keylogger must later return and physically remove the device in order to access the information that has been gathered. There are also wireless keylogger sniffers that can intercept and decrypt data packets being transferred between a wireless keyboard and its receiver.

Screenshot of data captured from keylogger software

A keylogging software program does not require physical access to the user's computer for installation. It can be downloaded on purpose by someone who wants to monitor activity on a particular computer, or it can be malware downloaded unwittingly and executed as part of a rootkit or remote administration Trojan (RAT). The rootkit can launch and operate stealthily in order to evade manual detection or antivirus scans.

A common keylogger program typically consists of two files that get installed in the same directory: a dynamic link library (DLL) file that does all the recording and an executable file that installs the DLL file and triggers it to work. The keylogger program records each keystroke the user types and uploads the information over the internet periodically to whoever installed the program. There are many other ways that keylogging software can be designed to monitor keystrokes, including hooking keyboard APIs to another application, malicious script injection or memory injection.

Some keylogging programs may include functionality for recording user data besides keystrokes, such as capturing anything that has been copied to the clipboard and taking screenshots of the user's screen or a single application.

Detection, prevention and removal

As there are various types of keyloggers that use different techniques, no single detection or removal method is considered the most effective.

Antikeylogger software is designed specifically to scan for software-based keyloggers, by comparing the files on a computer against a keylogger signature base or a checklist of common keylogger attributes. Using an antikeylogger can be more effective than using an antivirus or antispyware program, as the latter may identify a keylogger as a legitimate program instead of spyware.
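The two checks described above, as an added Python example that is not taken from any antikeylogger product: it compares file hashes against a signature base and applies one attribute check, the executable-plus-DLL pair in a single directory mentioned earlier. The function names, the known-good baseline and all file contents are assumptions constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path

BINARY_SUFFIXES = (".exe", ".dll")

def sha256_of(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def scan(root, signature_base, known_good):
    """Return (finding, path) tuples for binaries under root.
    signature_base: SHA-256 digests of known keylogger files.
    known_good: SHA-256 digests of approved binaries."""
    findings, unknown = [], {}
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file() or p.suffix.lower() not in BINARY_SUFFIXES:
            continue
        digest = sha256_of(p)
        if digest in signature_base:
            findings.append(("signature-match", p))
        elif digest not in known_good:
            unknown.setdefault(p.parent, set()).add(p.suffix.lower())
    # Attribute check: an unapproved EXE and an unapproved DLL that sit
    # in the same directory (the two-file layout the article describes).
    for folder in sorted(unknown):
        if unknown[folder] == set(BINARY_SUFFIXES):
            findings.append(("unapproved-exe-dll-pair", folder))
    return findings

def demo():
    """Scan a constructed directory tree (all file contents are made up)."""
    files = {
        "office/app.exe": b"approved application",
        "office/app.dll": b"approved library",
        "temp/upd.exe": b"unknown installer",
        "temp/upd.dll": b"unknown recorder",
        "downloads/tool.exe": b"known-bad sample",
    }
    good = {hashlib.sha256(files[k]).hexdigest()
            for k in ("office/app.exe", "office/app.dll")}
    bad = {hashlib.sha256(files["downloads/tool.exe"]).hexdigest()}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        return [(kind, p.relative_to(root).as_posix())
                for kind, p in scan(root, bad, good)]
```

A pair finding is a lead for review, not a verdict: many legitimate programs also ship an EXE with a DLL, which is why the known-good baseline is applied first.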

Depending on the technique the antispyware application uses, it can possibly locate and disable keylogger software with lower privileges than it has. Use of a network monitor will ensure the user is notified each time an application tries to make a network connection, giving a security team the opportunity to stop any possible keylogger activity. Application whitelisting can also be used to allow only documented, authorized programs to run on a system. 
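One way a security team could triage network-monitor output, shown as an added Python example that is not part of the original article: it ignores allowlisted programs, reports every other process that opened a connection, and marks those whose connections recur at a steady interval, matching the periodic upload behavior described earlier. The log format, process names, addresses and thresholds are constructed assumptions.

```python
import re
from datetime import datetime
from statistics import median

# Constructed network-monitor log lines (the format is assumed for this example).
SAMPLE_LOG = """\
2017-05-01T09:00:03 proc=chrome.exe dst=198.51.100.7:443
2017-05-01T09:05:00 proc=svchelper.exe dst=203.0.113.10:443
2017-05-01T09:07:41 proc=chrome.exe dst=198.51.100.7:443
2017-05-01T09:15:01 proc=svchelper.exe dst=203.0.113.10:443
2017-05-01T09:25:00 proc=svchelper.exe dst=203.0.113.10:443
2017-05-01T09:31:12 proc=notes.exe dst=198.51.100.20:80
2017-05-01T09:34:59 proc=svchelper.exe dst=203.0.113.10:443
"""
ALLOWLIST = {"chrome.exe"}  # documented, authorized programs (assumed)
LINE = re.compile(r"^(\S+) proc=(\S+) dst=(\S+)$")

def review(log, allowlist, min_events=4, jitter=0.1):
    """Return {process: verdict} for every process not on the allowlist."""
    seen = {}
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines
        ts, proc, _dst = m.groups()
        if proc.lower() not in allowlist:
            seen.setdefault(proc, []).append(datetime.fromisoformat(ts))
    verdicts = {}
    for proc, times in seen.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        verdict = "unapproved-connection"
        if len(times) >= min_events:
            mid = median(gaps)
            # Periodic: every gap lies within +/- jitter of the median gap.
            if mid > 0 and all(abs(g - mid) <= jitter * mid for g in gaps):
                verdict = "unapproved-periodic-upload"
        verdicts[proc] = verdict
    return verdicts
```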

While visual inspection can be used to identify hardware keyloggers, it is impractical and time-consuming to implement on a large scale. System cages that prevent access to or tampering with USB and PS/2 ports can be added to the user's desktop setup. Extra precautions include using a security token as part of two-factor authentication (2FA) to ensure an attacker cannot use a stolen password alone to log in to a user's account, or using an onscreen keyboard and voice-to-text software to circumvent using a physical keyboard.

This was last updated in May 2017

How do you protect your personal data from being recorded by keyloggers?
how to use key logg 

This helped me a lot.
Such a great, informative article. I have also heard about Amac keylogger for PC. It works more effectively. It also helps you in multiple ways.
This is another method hackers use to gain access to systems. My concern with these types of loggers is this: How often do you check your hardware connection from the keyboard to the computer? Most users do not climb under their desk daily and look to see if one has been installed.
I have been puzzled about this and this article gives me a lot; now I clearly know what the Micro Keylogger is, and it really does help me.
The use of keyloggers depends on how you are using them. Not all keyloggers are viruses; there is legit keylogging software on the market, you just have to find it. Those that provide a license to their software are usually legitimate and you can guarantee their service. I for one am using a keylogger on my laptop and it helped me to catch my cheating partner red-handed. I'm using wolfeye keylogger and never regretted it. Look it up. They also have it on cnet, which confirms it is a quality product.
I forgot about that, I installed one on my buddy's computer. He suspected his wife was having an affair. Well, it only took about 3 days and he was able to see her e-mails being sent to her "friend"... He is now divorced and happier than I have seen him in a couple of years.
Thank you, this document is very useful.
how to make keylogger

what is a keylogger 
-software keylogger
-hardware keylogger

