Keylogger

A keylogger is any software or hardware component that can intercept and record everything typed on a computer keyboard. A keylogger often sits between the keyboard and the operating system and intercepts all user actions. It either stores the intercepted information on the infected computer or, if it is part of a larger attack, immediately transmits all data to a remote computer controlled by the attackers.

Although the term "keylogger" usually refers to malware, such tools are sometimes used by law enforcement agencies as well.


Varieties of keyloggers

Although there are many kinds of keylogger, the main division is into software and hardware. The most commonly used software keyloggers are part of a malicious program such as a Trojan or rootkit. As a rule, this is also the easier way to gain access to the system of interest without physical intervention.

One of the most common types of software keylogger relies on a ready-made API on the target machine to record every keystroke. Keyloggers implemented at the level of the system kernel, Attacker-in-the-Browser spyware add-ons and other more complex designs are also used.

Hardware keyloggers are less common because they are more difficult to place on the target machine. Such keyloggers must be installed with direct access to the computer, which increases the risk of being discovered. Sometimes they are installed at the manufacturing stage, and sometimes they are even embedded in the BIOS.

Keyloggers can often be embedded in USB devices: storage devices or barely visible adapter plugs on the keyboard cord. Although hardware spyware is more difficult to install, it is more flexible and less dependent on the operation of the attacked system.



Infection method

Software keyloggers are often installed as part of complex malware. Target computers can be infected through a hidden (drive-by) download when the user visits an infected site. Keyloggers can be implemented in various ways and, under various pretexts, are often embedded in completely legitimate software. Hardware keyloggers are installed by an attacker who has physical access to the computer of interest.





Detection and removal

It is not easy to detect malicious keyloggers, as they do not always behave like many other malicious programs. They do not seek out valuable information and send it to a remote server, and they do not try to destroy data on an infected machine. Keyloggers do their job quietly and discreetly. Antivirus programs can scan for, detect, and eliminate all variants of keyloggers known to them. However, keyloggers designed to target a specific user are not easy to identify, since most often they are not registered as known malicious software. Nevertheless, sooner or later they are discovered, as soon as they begin to reveal themselves by sending data to a remote server without authorization.

If users suspect that a keylogger is installed on their computer, a number of tricks will help protect against it. For example, boot the operating system from a CD or USB drive and use the virtual on-screen keyboard.



Alika Tsulygina
