The BullGuard products and services are part of NortonLifeLock Inc., a global leader in consumer Cyber Safety with a portfolio of brands including Norton, Avira and more.




What is a keylogger?



According to experts, keystroke loggers pose more risk to PC users than any other tool used for committing cybercrime. Also known as keyloggers, they are small programs or hardware devices that monitor each keystroke you enter on a specific computer's keyboard, including typos, backspacing and retyping.



Recording your every move on the Web

Although keyloggers are promoted for benign purposes like allowing parents to monitor their children's whereabouts on the Internet, they can be used to spy on anyone. They are a form of spyware used by cybercriminals to covertly watch and record everything you type on your PC in order to harvest your log-in names, passwords, and other sensitive information, and send it on to the hackers. This may include any passwords you have asked your computer to remember for you to speed up logging in, as these are held as cookies on your machine.


Unfortunately for consumers, keyloggers are becoming very sophisticated. Once on a PC, they can track websites visited by the user and only log the keystrokes entered on the websites that are of particular interest to the cybercriminal, like online banking websites.




Types of keyloggers


Keyloggers can be one of three types:


Hardware keyloggers: small inline devices placed between the keyboard and the computer. Because of their size they can often go undetected for a long time, but they do require physical access to the machine. These hardware devices have the power to capture hundreds of keystrokes, including banking and email usernames and passwords.


Software using a hooking mechanism: a type of logging that uses the Windows function SetWindowsHookEx() to monitor all keystrokes and can even capture autocomplete passwords. The spyware will typically come packaged as an executable file that initiates the hook function, plus a DLL file to handle the logging functions.


Kernel/driver keyloggers: this type of keylogger runs at the kernel level and receives data directly from the input device (typically, a keyboard). It replaces the core software for interpreting keystrokes. It can be programmed to be undetectable by taking advantage of the fact that it is executed on boot, before any user-level applications start. However, since it runs at the kernel level, it cannot record autocomplete passwords, as this information is passed in the application layer.
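
For the hooking type described above, the executable-plus-DLL packaging leaves a trace a defender can look for: a global hook DLL ends up loaded into many unrelated programs at once. The following is an added example, not code from BullGuard or from the original article; it flags unsigned DLLs outside the usual system folders that appear in several different processes. The inventory rows, the function names and the threshold of three processes are assumptions made for illustration, and accessibility tools or input-method software can match the same pattern, so a hit is a lead to investigate rather than a verdict.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample inventory (not real telemetry): one row per loaded module,
# as (process name, pid, module path, signature valid?).
SAMPLE_MODULES = [
    ("explorer.exe", 1204, r"C:\Windows\System32\user32.dll", True),
    ("explorer.exe", 1204, r"C:\Users\amy\AppData\Roaming\upd\kbhelper.dll", False),
    ("chrome.exe", 3310, r"C:\Windows\System32\user32.dll", True),
    ("chrome.exe", 3310, r"C:\Users\amy\AppData\Roaming\upd\kbhelper.dll", False),
    ("chrome.exe", 3310, r"C:\Program Files\Google\Chrome\Application\chrome_elf.dll", True),
    ("notepad.exe", 4122, r"C:\Windows\System32\user32.dll", True),
    ("notepad.exe", 4122, r"C:\Users\amy\AppData\Roaming\upd\kbhelper.dll", False),
    ("updsvc.exe", 2200, r"C:\Users\amy\AppData\Roaming\upd\kbhelper.dll", False),
]

# Folders where widely shared DLLs are expected to live (assumed default layout).
TRUSTED_ROOTS = ("c:/windows", "c:/program files", "c:/program files (x86)")


def is_trusted_location(path):
    """True if the module sits under one of the trusted root folders."""
    p = PureWindowsPath(path).as_posix().lower()
    return any(p == root or p.startswith(root + "/") for root in TRUSTED_ROOTS)


def find_hook_dll_candidates(modules, min_processes=3):
    """Map each suspicious DLL path to the sorted process names that loaded it.

    Suspicious here means: unsigned, outside the trusted folders, and present
    in at least min_processes different programs (hypothetical threshold).
    """
    seen = defaultdict(set)
    for proc, _pid, path, signed in modules:
        if not signed and not is_trusted_location(path):
            seen[path.lower()].add(proc.lower())
    return {dll: sorted(procs) for dll, procs in seen.items()
            if len(procs) >= min_processes}


if __name__ == "__main__":
    for dll, procs in find_hook_dll_candidates(SAMPLE_MODULES).items():
        print(f"review: {dll} loaded by {len(procs)} programs: {', '.join(procs)}")
```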




Stealing bank details


In 2007, keylogging software found its way onto hundreds of PCs belonging to account holders at the large Swedish bank Nordea. In the biggest heist of customer accounts on record, more than $1 million was stolen.


A well-known keylogger named Zeus has been around for quite some time and is designed to steal banking and financial information. It’s set to activate whenever the infected system accesses a site on a predefined list. These sites include most major bank and credit card sites, eBay, PayPal, Amazon, and many more. The keylogger records user names, passwords, account numbers and other sensitive information.


In September 2010, the FBI charged over 37 people in New York City in connection with a crime ring that used Zeus to steal over $3 million.


According to Saul Hansell, a NY Times blogger, attackers have improved keylogging software by making it able to report your login credentials in real time via a Twitter-like stream of updates. That makes it possible for malicious hackers to access your accounts even as you're using them.



How to avoid keyloggers


Your PC can become infected with keyloggers in various ways. You can inadvertently download them from an infected Web site or email attachment, or by clicking on links. Cyberthieves often use Trojan-horse software to load keylogging software onto unsuspecting victims' computers.


To protect yourself against keyloggers, follow these simple tips:


  • Keep all your programs up to date: antivirus software or firewall software as well as Windows, Office and other applications.

  • Recognise phishing emails and delete them.

  • Don’t click on links in unsolicited or dubious emails that may point to dodgy sites that are hosting malware.
