It is called a keylogger, spyware or monitoring software, it can be the equivalent of digital surveillance, revealing every click and touch, every download and conversation. A keylogger (short for keystroke logger) is software that tracks or logs the keys struck on your keyboard, typically in a covert manner so that you don’t know that your actions are being monitored. This is usually done with malicious intent to collect your account information, credit card numbers, user names, passwords, and other private data.Legitimate uses do exist for keyloggers. Parents can monitor their children’s online activity or law enforcement may use it to analyze and track incidents linked to the use of personal computers, and employers can make sure their employees are working instead of surfing the web all day.
Nevertheless, keyloggers can pose a serious threat to users, as they can be used to intercept passwords and other confidential information entered via the keyboard. As a result, cybercriminals can get PIN codes and account numbers for your financial accounts, passwords to your email and social networking accounts and then use this information to take your money, steal your identity and possibly extort information and money from your friends and family.
Many sneaky hacker programs can find their way onto your computer over the internet, and a keylogger is one of the worst. Spyware is a type of malware that records your activities. A keylogger records every keystroke you make on your computer’s keyboard. With this information, a hacker can work out your username and password for a range of sites without even seeing what comes up on the screen.
For example, when you check your email, you might type in “mail.yahoo.com” or “gmail.com” in the address field of your browser. Predictably, your next step is to type in your username and password. Everything you type is sent to a hacker database over the internet, where the text is parsed through to pick out the sensitive parts, like your password.
Keyloggers are also known as keystroke loggers. This is a program that runs all the time on your computer from the minute that you start it up. The keylogger will either record every keystroke you make or just those made in specific fields on websites.
Keyloggers don’t slow down your computer and you won’t even notice when one is in operation. Windows 10 even has a keylogger built into the operating system. Although there are some legitimate uses of keyloggers, such as in the workplace, or to track the internet activities of children, you are also at risk of these programs turning your computer into a spy for hackers.
Keyloggers can embed themselves into the operating system of your computer. These types of malware are called “rootkit” viruses. There are types of keyloggers that can even work at a lower level than the operating system. These are known as “hypervisor malware.” A keylogger may attach itself to your browser as a hidden extension and just report on all of the keystrokes that you make through that app. Other keyloggers manage to infect web pages, so everyone that visits those pages gets their data stolen.
Keyloggers can alter the memory access process of your browser and steal information at that point, or they can be triggered by the click of a web form Submit button. In short, there are many operating scenarios for keyloggers and many different locations on your computer where the program might be running. Rootkit and hypervisor keyloggers are particularly difficult to get rid of. Antimalware programs usually can’t get down to that level and so these keyloggers continue in operation unmolested. Keyloggers that masquerade as browser extensions also often evade detection from antimalware.
Not all keyloggers are software-based. Some operate as a piece of hardware. You are less likely to be subjected to one of these in your home. However, industrial spies sometimes slip in one of these extra jacks in the back of a computer between the keyboard socket and the plug on the lead from the keyboard.
A number of other hardware keyloggers seem to come straight out of a spy movie. These include keyboard overlays, “acoustic keyloggers” that record the sound of a person tapping on a keyboard and work out the tiny difference in the sound that each key makes, and “electromagnetic emission” keyloggers that capture the electric pulses leaking into the air from a keyboard cable.
However, unless you are a spy, or you travel to places such as North Korea on business, the chances of you being hit by a hardware keylogger are slim. Those virus keyloggers that hackers put on the internet are what you need to be concerned about.
How Keyloggers Spread
As most of the malware programs do, keyloggers spread in the same way. Keyloggers are spread through the following ways:
- A keylogger is installed when the victim opens a suspicious attachment from the mail
- When a file is introduced on a P2P network, from an open-access directory, a keylogger can be installed.
- A keylogger can be launched through a web page script
- A keylogger can be installed in the victim’s machine through an existing malicious program in the victim’s system.
How would I get a keylogger?
Keyloggers spread in much the same way that other malicious programs spread. Excluding cases where keyloggers are purchased and installed by a jealous spouse or partner, and the use of keyloggers by security services, keyloggers are installed on your system when you open a file attachment that you received via email, text message, P2P networks, instant message or social networks. Keyloggers can also be installed just by you visiting a website if that site is infected.
How do you detect a keylogger?
Keyloggers are tricky to detect. Some signs that you may have a keylogger on your device include: slower performance when web browsing, your mouse or keystrokes pause or don’t show up onscreen as what you are actually typing or if you receive error screens when loading graphics or web pages.
What can you do to protect yourself?
Just as you maintain your own health on a daily basis by eating well-balanced meals, getting plenty of rest and exercising, you must also maintain your computer or mobile device’s health. That means avoiding keyloggers by avoiding actions that could negatively affect your computer, smartphone or tablet, like visiting dangerous websites or downloading infected programs, videos or games. Here are some tips:
- Use caution when opening attachments – files received via email, P2P networks, chat, social networks, or even text messages (for mobile devices) can be embedded with malicious software that has a keylogger.
- Watch your passwords – Consider using one-time passwords and make sure key sites you log into offer two-step verification. You could also use a password manager like McAfee SafeKey that is available with McAfee LiveSafe™ service, which will automatically remember your user name and passwords, but also prevent keylogging since you are not typing in any information on the site as the password manager will do that for you.
- Try an alternative keyboard layout – Most of the keylogger software available is based on the traditional QWERTY layout so if you use a keyboard layout such as DVORAK, the captured keystrokes does not make sense unless converted.
- Use a comprehensive security solution – Protect all your devices—PCs, Macs, smartphones and tablets—with a solution like McAfee LiveSafe, that offers antivirus, firewall, as well as identity and data protection.
Most of the Information security companies have updated their security products with the latest malware definitions including the prominent keyloggers. So, be sure that your antivirus includes the latest up-to-date malware definition.
Install an antivirus product with latest up-to-date malware definition. As the main intent of keyloggers is to steal confidential banking information – following are the ways to protect the information from unknown keyloggers:
- Implement the use of one-time passwords/ two-factor authentication
- Implement a proactive protection system developed to identify keylogging software
- Prefer to use a virtual keyboard while performing a banking transaction.
For any Cyber Security information contact firstname.lastname@example.org