Published Jul 22, 2023
Contribute to Docs

Keyloggers are a type of computer malware that records keystroke events on the keyboard and saves them to a log file, allowing the theft of sensitive data.

Keystroke logging is one of several methods to obtain sensitive information like usernames, PINs, passwords and online activities from endpoint devices. An attacker can use this method to collect valuable data without having to breach a database or file server.

How Keyloggers Work

Keyloggers, also known as keystroke loggers, record the keys hit on a device and save them to a file, which is then accessed by the person who deployed the malware. The main purpose of keyloggers is to intercept (potentially sensitive) information that is being entered into a system as a result of the user’s keystrokes.

Keyloggers can be used for both lawful and illegitimate objectives, depending on the user who is utilizing it.

Lawful applications include:

  • Developers and analysts studying user interaction with systems.
  • Employee monitoring.
  • Law enforcement or private investigators looking for evidence of an ongoing crime or inappropriate behavior.
  • Quality assurance testers analyzing sources of system errors.

On the other hand, an unlawful use, would entail a person or organization using keylogging technology without consent in order to capture identities, confidential intellectual property, passwords and any other marketable information.

Types of Keyloggers

Keyloggers fall into four categories: software, hardware, wireless intercept, and acoustic. Although they differ in how they are implemented and how information is captured, they all store captured information in a log file.

When software or hardware keyloggers are used, the log files are stored on the compromised machine. Remote capture technologies (i.e., wireless intercept and acoustic) typically store keystroke data on the collection device.

Software Keyloggers

Software keyloggers capture keystroke information as it passes between the computer keyboard interface and the OS. They are implemented as traditional applications or are kernel-based. In almost all malicious instances of this type of keylogger, users participated in some way in the software’s installation.

Hardware Keyloggers

A hardware keylogger is a device that sits between the keyboard and the computer. They can be relatively inconspicuous and resemble an adapter or thumb drive.

The second technique requires the insertion of a keylogger circuit within the keyboard rather than a separate physical device connected to the PC.

Wireless Intercept Keyloggers

A wireless intercept keylogger uses wireless technologies based on the form of transmission. For instance a Bluetooth-accessible keylogger.

The one big disadvantage of using wireless intercept keyloggers is the need for a receiver/antenna relatively close to the target system because the wireless devices have a limited range of transmission.

Acoustic Keyloggers

An acoustic keylogger requires special equipment that “listens” to a user typing and uses software to perform statistical analysis on the captured data.

The devices used to remotely listen to conversations are used to record typing sounds. Such microphones can be placed in the target work area or long distance solutions can be used.

Parabolic microphones are an example of a long distance device. These microphones can pick up keyboard sounds from hundreds of feet away. Attached equipment records the sounds, which are then passed to audio-to-character translation software.

All contributors

Looking to contribute?

Learn Cybersecurity on Codecademy