Today's advanced malware tools often consist of several components. Rather than single-purpose tools, they are more like Swiss Army knives, which gives the attacker the ability to perform a wide variety of actions on an affected system. An important component that is often present in such toolsets is a Keylogger. A Keylogger is a highly specialized tool, designed to record every keystroke made on a physical keyboard. It gives the attacker the ability to steal huge amounts of sensitive information, completely stealthily. In this article, we will discuss what a Keylogger is and how to protect yourself from one.
What is a Keylogger
A Keylogger is any software with the ability to intercept and record the keystrokes made on the keyboard of the affected machine without the user's knowledge. The Keylogger can either store the recorded data locally or send it to a remote PC, which is under the attacker's control.
Keylogger Types
There are software-based and hardware-based Keyloggers. The most commonly used Keyloggers are software-based. They are often installed as part of a larger piece of malware, such as a Trojan horse or a "rootkit". A Keylogger of this type is easier to get onto a machine, since it does not require physical access to it. It can generally present itself to the target machine's operating system as an API, which allows the Keylogger to record each keystroke as it occurs. There are also kernel-level Keyloggers, "man in the browser" Keyloggers, and other more complex varieties.
Hardware-based Keyloggers are less common, as they are more difficult to implement on the target machine. They often require the attacker to have physical access to the target machine. This can happen either during the manufacturing process or after the equipment has been distributed. Some varieties of hardware Keylogger can be installed during the manufacturing process, including BIOS-level Keyloggers. A malicious insider could install such a Keylogger at the factory level. Other hardware-based Keyloggers can be implemented using USB sticks, or as dummy connectors for the keyboard, located between the keyboard cable and the PC. Although they are more difficult to implement, they can be more flexible for the attacker, since they are independent of the operating system.
Ways to Get Infected
Software Keyloggers are often part of larger malware packages. Target machines can be infected by an "unintentional download" attack, in which a malicious web page exploits an existing vulnerability in the PC and installs the malware. In some cases, Keyloggers are installed as part of a legitimate application download. This can be done either by compromising the download channel or by inserting malware into the application itself. Hardware-based Keyloggers are usually installed by an attacker with physical access to the target machine.
How to Verify That You Don't Have a Keylogger
Keyloggers are designed to be discreet and to avoid detection. Detecting them can be difficult, since these applications do not usually behave like other malicious programs (e.g. they do not search for valuable data on a target machine and/or send it to a command and control server, nor do they attempt to destroy the data on the machine, etc.). The only thing that can be done is to install antivirus software and scan your device, and to look for indicators such as information leaks. You can also try to circumvent the malware, specifically by booting your PC from a CD or USB stick, or by using an on-screen virtual keyboard, which prevents the malware from detecting keyboard inputs.
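As an added example (not part of the original article): one way to look for an unexpected keyboard device, such as the USB-attached hardware described above, on a Linux host. The sample listing, the baseline set and the function names are constructed for illustration, and the check only sees devices that register with the operating system as keyboards.

```python
import re

# Constructed sample in the format of Linux's /proc/bus/input/devices (not real output).
SAMPLE = """\
I: Bus=0011 Vendor=0001 Product=0001 Version=ab41
N: Name="AT Translated Set 2 keyboard"
P: Phys=isa0060/serio0/input0
H: Handlers=sysrq kbd event3 leds

I: Bus=0003 Vendor=046d Product=c077 Version=0111
N: Name="Logitech USB Optical Mouse"
P: Phys=usb-0000:00:14.0-2/input0
H: Handlers=mouse0 event5

I: Bus=0003 Vendor=1234 Product=abcd Version=0110
N: Name="Generic USB Keyboard"
P: Phys=usb-0000:00:14.0-4/input0
H: Handlers=sysrq kbd event7 leds
"""

# Hypothetical baseline: (vendor, product, name) of keyboards known to belong to this machine.
KNOWN_KEYBOARDS = {("0001", "0001", "AT Translated Set 2 keyboard")}

def parse_devices(text):
    """Split the listing into one dict per device block."""
    devices = []
    for block in re.split(r"\n\s*\n", text.strip()):
        dev = {}
        for line in block.splitlines():
            tag, _, rest = line.partition(": ")
            if tag == "I":    # Bus=.. Vendor=.. Product=.. Version=..
                dev.update(kv.split("=", 1) for kv in rest.split())
            elif tag == "N":  # Name="..."
                dev["Name"] = rest.split("=", 1)[1].strip('"')
            elif tag in ("P", "H"):  # Phys=... / Handlers=...
                key, _, val = rest.partition("=")
                dev[key] = val
        devices.append(dev)
    return devices

def unexpected_keyboards(text, known=KNOWN_KEYBOARDS):
    """Return devices that have a 'kbd' handler but are absent from the baseline."""
    return [d for d in parse_devices(text)
            if "kbd" in d.get("Handlers", "").split()
            and (d.get("Vendor"), d.get("Product"), d.get("Name")) not in known]

if __name__ == "__main__":
    for d in unexpected_keyboards(SAMPLE):
        print("unexpected keyboard:", d["Name"], d["Vendor"] + ":" + d["Product"], d["Phys"])
```

On a real host, power buttons and similar devices also carry the kbd handler, so record them in the baseline when the machine is in a known-good state.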
How to Protect Yourself From a Keylogger
Here are some tips to protect yourself from a Keylogger:
- Say 'NO' to any pirated or suspicious free software
- Follow a password change schedule (e.g. every three weeks)
- For low-profile daily tasks, use a "limited privilege" profile in your operating system.
- Use a modern and up-to-date browser (e.g. Firefox ...), which helps you avoid attacks like MiTB ("Man in the Browser").
- Back up your data, to avoid data loss in case your account is compromised
- Use 2-factor authentication, which will protect your accounts even if someone finds out your password.