Today’s advanced malware tools often comprise several different components. They are more like Swiss army knives than individual tools, which gives an attacker the ability to perform a number of different actions on a compromised system. One component that is often present in these attack toolkits is a keylogger: a highly specialized tool designed to record every keystroke made on the machine, which lets the attacker silently steal large amounts of sensitive information such as passwords, card numbers and private messages. In this blog post, we discuss what a keylogger is and how to protect yourself against one.

What is a Keylogger

A keylogger is any piece of software or hardware that has the capability to intercept and record input from the keyboard of a compromised machine without the user’s knowledge. The keylogger can either store the recorded data locally, to be picked up later, or send it to a remote machine controlled by the attacker.

Keylogger types

There are software-based and hardware-based keyloggers. Software keyloggers are by far the more common. They are usually installed as one component of a larger piece of malware, such as a Trojan or rootkit, and they are easier to get onto a target machine because they typically do not require physical access. A user-mode software keylogger generally hooks the operating system’s keyboard API (on Windows, for instance, by registering a low-level keyboard hook; on Linux, by reading the raw event devices under /dev/input), so that it sees each keystroke as it is made. There are also kernel-level keyloggers, which run as a driver below the API layer, man-in-the-browser (MiTB) keyloggers that capture what you type into web forms from inside the browser, and other more complex variants.
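To make the mechanism concrete, here is an added example (not code from the original post or from Mailfence) that decodes the raw input_event records a Linux user-mode keylogger reads from /dev/input/event*. The 64-bit little-endian record layout, the partial keycode table and the sample capture are assumptions constructed for the example; nothing here opens a real device.

```python
"""Decode raw Linux evdev records the way a user-mode keylogger would.

Added example: all bytes are constructed inline; nothing reads /dev/input.
"""
import struct

# struct input_event on 64-bit little-endian Linux (assumption: x86-64):
# timeval (two 8-byte longs), u16 type, u16 code, s32 value = 24 bytes.
EVENT_FMT = "<qqHHi"
EVENT_SIZE = struct.calcsize(EVENT_FMT)  # 24
EV_SYN, EV_KEY = 0x00, 0x01
KEY_BACKSPACE, KEY_ENTER, KEY_LEFTSHIFT, KEY_RIGHTSHIFT, KEY_SPACE = 14, 28, 42, 54, 57

# Subset of the keycodes from linux/input-event-codes.h -> (plain, shifted)
KEYMAP = {
    2: "1!", 3: "2@", 4: "3#", 5: "4$", 6: "5%", 7: "6^", 8: "7&", 9: "8*",
    10: "9(", 11: "0)",
    16: "qQ", 17: "wW", 18: "eE", 19: "rR", 20: "tT", 21: "yY", 22: "uU",
    23: "iI", 24: "oO", 25: "pP",
    30: "aA", 31: "sS", 32: "dD", 33: "fF", 34: "gG", 35: "hH", 36: "jJ",
    37: "kK", 38: "lL",
    44: "zZ", 45: "xX", 46: "cC", 47: "vV", 48: "bB", 49: "nN", 50: "mM",
    KEY_SPACE: "  ", KEY_ENTER: "\n\n",
}


def decode_events(raw: bytes) -> str:
    """Rebuild the typed text from a byte stream of input_event records."""
    text = []
    shift = False
    usable = len(raw) - len(raw) % EVENT_SIZE  # ignore a trailing partial record
    for off in range(0, usable, EVENT_SIZE):
        _sec, _usec, ev_type, code, value = struct.unpack_from(EVENT_FMT, raw, off)
        if ev_type != EV_KEY:
            continue  # EV_SYN / EV_MSC frames carry no key data
        if code in (KEY_LEFTSHIFT, KEY_RIGHTSHIFT):
            shift = value != 0  # value: 1 = press, 2 = autorepeat, 0 = release
        elif value == 0:
            continue  # a key release produces no character
        elif code == KEY_BACKSPACE:
            if text:
                text.pop()
        elif code in KEYMAP:
            text.append(KEYMAP[code][1 if shift else 0])
        # unknown keycodes (function keys, arrows, ...) are simply dropped
    return "".join(text)


def make_event(ev_type: int, code: int, value: int) -> bytes:
    """Pack one record; the timestamp is zeroed in the constructed sample."""
    return struct.pack(EVENT_FMT, 0, 0, ev_type, code, value)


def tap(code: int) -> bytes:
    """Press and release one key, each followed by the SYN_REPORT the kernel emits."""
    return (make_event(EV_KEY, code, 1) + make_event(EV_SYN, 0, 0)
            + make_event(EV_KEY, code, 0) + make_event(EV_SYN, 0, 0))


def constructed_sample() -> bytes:
    """Constructed capture: the user types 'Pa5x', corrects with Backspace,
    finishes with '5!' and presses Enter."""
    return (make_event(EV_KEY, KEY_LEFTSHIFT, 1) + tap(25)   # 'P'
            + make_event(EV_KEY, KEY_LEFTSHIFT, 0)
            + tap(30) + tap(6) + tap(45)                     # 'a', '5', 'x'
            + tap(KEY_BACKSPACE) + tap(6)                     # erase 'x', '5'
            + make_event(EV_KEY, KEY_LEFTSHIFT, 1) + tap(2)    # '!'
            + make_event(EV_KEY, KEY_LEFTSHIFT, 0)
            + tap(KEY_ENTER))


if __name__ == "__main__":
    print(repr(decode_events(constructed_sample())))
```

The point of the decoder is what a keylogger does not need: no privileges beyond read access to the event device, no interaction with the application receiving the keystrokes, and no visible change to the system. The same 24-byte record stream is what a detection tool sees when it asks which processes hold those devices open.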

Hardware-based keyloggers are less common, as they are harder to get in place: the attacker usually needs physical access to the target machine, either during the manufacturing process or after deployment. A malicious insider at the factory could, for instance, plant a firmware (BIOS/UEFI) level keylogger before the machine ships. After deployment, the typical form is a small inline device, often disguised as a USB flash drive or keyboard adapter, that sits between the keyboard cable and the PC and records everything that passes through. While harder to deploy, hardware keyloggers are more flexible for the attacker because they are independent of the operating system and largely invisible to software running on it.

Ways of getting infected

Software keyloggers are often delivered along with larger pieces of malware. Target machines can be infected through a drive-by download attack from a malicious website that exploits a vulnerability in the browser, a plugin or the operating system and installs the malware. Keyloggers are also installed in some cases as part of a legitimate application download. This can happen either through compromise of the download channel or through insertion of the malware into the application itself, i.e. a software supply-chain attack. Hardware-based keyloggers are typically installed by an attacker who has physical access to the target machine.

Ensuring you do not have keyloggers

Keyloggers are designed to remain quiet and undetected, and they can be hard to spot because they do not behave like most other malicious programs: they do not hunt for valuable files on the machine or destroy data, and the captured keystrokes are small and can be sent out slowly, so the traffic does not look like a bulk data theft. There is no single reliable check. Run an up-to-date anti-malware scanner, and look for indirect indicators: unexplained processes or drivers, unknown programs hooking the keyboard or holding the input devices open, outbound connections you cannot account for, and accounts being used from places you have not been. You can also try to work around a suspected keylogger: boot the PC from a clean live CD or USB drive, which bypasses a software keylogger on the installed system (but not a hardware one), or use a virtual on-screen keyboard, which keeps the keystrokes away from a hardware keylogger and from a simple keyboard hook, but not from malware that captures the screen or the clipboard.

Protect yourself from a keylogger

Following are some tips against keyloggers and how to protect your device:

- Say no to pirated and other suspicious freeware software.
- Maintain a password-change schedule (for e.g. every 3 weeks), so that a captured password stays useful to the attacker for only a short time.
- Use a limited-privileges OS profile for daily low-profile tasks, so malware that arrives through your browsing cannot install a driver or kernel-level keylogger without a separate privilege escalation.
- Use a modern and up-to-date browser (for e.g. Firefox…); it closes the holes used by drive-by downloads and makes MiTB attacks harder.
- Back up your data, to avoid data loss in case of account compromise.
- Use 2-factor authentication on your accounts; it protects an account even if the password is captured. A keylogger can capture a one-time code as well, but that code is valid only briefly and for a single login, and a hardware security key cannot be typed at all.

Mailfence is a secure and private email service. Check this email security and privacy crash course, that will help you in combating today’s cybersecurity threats.

Follow us on twitter/reddit and keep yourself posted at all times.

– Mailfence Team