Did you know that your mouse and keyboard could be used by cybercriminals to eavesdrop on you? Yes, you’ve read that right. Even if they don’t have access to such physical devices, they can use them to collect your personal information. Scary, right?
Welcome to the world of keyloggers, a notorious type of spyware that can track and record consecutive keystrokes that you enter on your device!
Although a keylogger works like malware, it isn’t always illegal to use. Keyloggers are widely used by corporations and organizations to troubleshoot problems on their networks and systems, and even spy on suspicious employees.
If the organization or individual downloading, installing, and using the keylogger owns the device used, then the use of a keylogger is considered perfectly legal. As a matter of fact, there are thousands of keyloggers available for commercial and personal use, all of them advertised for their most obvious purpose: to record keystrokes.
But when do keyloggers become illegal? How do they infect a device? Can keylogger attacks be prevented? Before we answer those questions, let’s take a quick look at how keyloggers started.
History of Keylogging
The idea of keylogging began in the early 1970s, an era when computers were a thing of the future. Russian spies embedded keyloggers in the IBM typewriters used by US diplomats to transmit keystrokes via radio frequencies.
Over the years, the concept of keylogging carried over to computers. One of the first and most popular cases happened in 2005. A businessman from Florida filed a case against the Bank of America after hackers stole $90,000 from his bank account. According to his records, the money had been transferred to an account in Latvia.
After a careful investigation, it was discovered that the businessman’s computer was infected with a malicious program called Backdoor.Coreflood. It recorded his every keystroke and sent that information to the attackers. This was how the businessman’s account was compromised.
At the end of the day, the court did not rule in favor of the businessman as he failed to take precautionary measures when managing his bank account on the internet. His losses were obviously the result of his carelessness and infamous keylogging software.
Why Keyloggers Are a Threat
If keyloggers aren’t always illegal, when can you say that they are a threat? How do cybercriminals use keyloggers?
Well, keyloggers can be used in many nefarious ways. Criminals can use them to scrape credit card and banking information and collect personal data for identity theft or other malicious doings. Just think about everything that you type into your computer, including sensitive information, and you will realize what’s so worrying about these programs.
Types of Keyloggers
Depending on what part of the computer it is embedded in, a keylogger can be categorized as hardware- or software-based. In the case above, the businessman was evidently attacked by a software-based keylogger.
A hardware-based keylogger is a tiny device that acts as a connector between the computer and the keyboard. This device is designed to bear a resemblance to an ordinary keyboard connector, regardless of whether it’s a PS/2 connector or a USB adaptor.
Keylogging software, on the other hand, does not require physical access to a computer. It can be intentionally downloaded by anyone who wants to monitor activities on a certain computer. It can also be bundled with legit-looking software or arrive as part of Remote Administration Trojans (RATs).
How Do Keyloggers Work?
A keylogger collects information and sends it back to third-party entities, whether they’re criminals, the IT department, or law enforcement agencies.
Depending on the type of keylogger used, the amount of information collected may vary. The most basic keyloggers may only collect the data entered into an application or a website. The more sophisticated ones may record everything that a user types, no matter the application or program being opened. Other keylogger variants, especially those that are created to attack mobile devices, go further and record other information, such as call history and audio data. They can even gather information from messaging apps, screen captures, microphone, and GPS locations.
Information collected by keyloggers is often sent back to cybercriminals via email, FTP servers, databases, or predefined websites. In cases when a keylogger comes bundled with a massive attack, the attackers can remotely access the machine to download keystroke data.
How Do Keyloggers Spread?
You may ask, “How would I get a keylogger?”
As with all spyware entities, keyloggers can spread in so many ways. They can be installed when you click on a link or open a suspicious attachment from a phishing email. They can also be deployed via fake, personalized advertising emails.
Allow us to explain these two even further.
The first method involves phishing, an act of using a fake email to fish for credit card details and passwords. More often than not, these emails contain attachments that, when clicked, automatically download programs onto your computer.
The second method is quite personalized. An attacker researches his victim’s online habits and finds a loophole. For instance, the attacker finds out that the victim frequently visits porn sites. So, he drafts an email with a fake membership subscription to an erotic site. Because this method targets a certain fondness of the victim, the chance of success here is high. The victim will then download the fake attachment without knowing that he’s already installing a keylogger.
How Do You Detect a Keylogger?
So, how will you know that your computer has a keylogger?
Honestly, keyloggers are difficult to detect. However, the most obvious signs that you need to watch out for include slow performance when browsing the web, mouse clicks and keystrokes that pause as you type, problems loading web pages and graphics, and random error messages that pop up.
How to Protect Yourself from Keyloggers?
The best and most effective precautionary measure you can take is to simply be careful when opening email attachments. Keyloggers can be found in files received via email, text messages, social networks, and even chats. If you receive an email at random or the sender asks you to send your personal information, then there is a chance that you’re dealing with a keylogger.
Other preventive measures to apply are:
1. Implement two-factor authentication
Implementing two-factor authentication would allow you to protect your personal information. With two-factor authentication enabled, a one-time password is sent to another device, in most cases a smartphone. Without access to this device, even if hackers know the password, they cannot retrieve whatever information they need.
2. Keep your anti-malware software up to date
Keyloggers usually come bundled with other malware entities. With up-to-date anti-malware protection, keyloggers won’t stand a chance. However, further precautionary measures should still be taken, because some keyloggers are only one component of a larger attack.
3. Use virtual onscreen keyboards
The use of a virtual onscreen keyboard can reduce the chances of being keylogged as this keyboard receives input from the user in a slightly different way. Although the use of it may affect a user’s productivity as it takes time to be comfortable with it, it still makes a difference when it comes to security.
4. Implement a strong password policy
The best way for organizations to stay safe is to implement a strong password policy. It’s never enough to rely on anti-malware technology.
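Added example (not part of the original article): a minimal Python sketch of the two-factor flow from item 1, showing why a password and one-time code captured by a keylogger do not work when replayed. The class, function names, sample password and the 120-second validity window are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 120  # assumed validity window for a sent code


class TwoFactorLogin:
    """Hypothetical service: a password plus a single-use code sent out-of-band."""

    def __init__(self, password, clock=time.monotonic):
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._hash(password)
        self._clock = clock
        self._pending = None  # (code, expiry) of the code currently in flight

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def start_login(self, password):
        """Step 1: check the password, then issue a fresh code for the second device."""
        if not hmac.compare_digest(self._hash(password), self._pw_hash):
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending = (code, self._clock() + CODE_TTL_SECONDS)
        return code  # delivered to the phone in practice, never shown on the PC

    def finish_login(self, code):
        """Step 2: accept the code once, and only before it expires."""
        pending, self._pending = self._pending, None  # consumed by any attempt
        if pending is None:
            return False
        expected, expiry = pending
        fresh = self._clock() <= expiry
        return fresh and hmac.compare_digest(code.encode(), expected.encode())


def demo():
    """Constructed scenario: a keylogger captured both the password and the code."""
    svc = TwoFactorLogin("correct horse battery")    # constructed sample password
    code = svc.start_login("correct horse battery")  # typed by the user, logged
    user_ok = svc.finish_login(code)                 # typed by the user, logged
    replay_ok = svc.finish_login(code)               # captured code replayed later
    return user_ok, replay_ok


if __name__ == "__main__":
    print(demo())
```

The code is consumed on the first verification attempt, so the logged copy is worthless afterwards, and a new login with the stolen password only sends a fresh code to the device the keylogger is not on.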
Because keyloggers are quite handy in many business processes, we have to accept the fact that they’re not going away anytime soon. They might even become as common as dirt in the cybersecurity realm. Let’s just consider their presence as a gentle reminder to always think before we click and trust our instincts.