What is a Keylogger?
Malware today exists in many forms. It can lock down your computer, download all of your files and even steal your identity. Once your machine has been infected with Keylogger malware, what can criminals actually do with it?
They can use your machine to harvest passwords, send phishing emails, mine cryptocurrencies and much more. Keyloggers are the go-to method for harvesting your credentials.
In its basic form, a Keylogger can either be a physical piece of hardware, or software that intercepts signals from your keyboard and records every keystroke you make. Keyloggers intercept the communication between your keyboard and computer. Software keyloggers are often installed via malware whereas hardware requires physical access to your organization’s network.
A Keylogger in its basic form records every keystroke you make on your keyboard. They are programmed to look out for patterns in what you type, such as commonly repeated phrases, email addresses, contact details and passwords.
As Keyloggers pose a large threat, banks have implemented security features such as using drop down boxes to input your password for online banking. To get around this, some advanced keyloggers are able to take screenshots every time you click your mouse. This means that when you input your password using the drop down box, they can take multiple screenshots of your password.
Keyloggers can find their way onto your system in numerous ways, criminals can either physically load them onto your machine, via the use of USB sticks or infected hardware which requires real-world access to your machine or network.
Criminals can use numerous forms of malware injection (malvertising, phishing, and adware etc) to load the Keylogger onto your machine, then sit back while it harvests all of your credentials.
How do you know if you’ve been infected with a Keylogger?
There are subtle signs that software may be spying on your every move.
Take a step back and assess the performance of your PC – has it become much slower since the last time you ran a specific program?
Does it sometimes appear like your mouse cursor disappears or text takes a while to load once you have typed it?
It could be the case that a Keylogger may be watching your every move.
A Keylogger will contain a signature which can be easily detected by common antivirus programs. If you suspect that your machine is infected with a Keylogger, run a scan on your computer and your antivirus should be able to detect it and remove the program before damage can be done.
How can you protect yourself against a Keylogger?
In a perfect world, you wouldn’t have to enter your password. Instead, credentials would be automatically filled out in a safe, secure environment for quick and easy logins. Luckily, programs like that already exist!
Password managers are becoming increasingly popular because of their ease of use and extremely high-level security protocols. Therefore, with just one click, you can populate the password fields. No keystrokes, no drop down boxes – instant passwords that can’t be tracked or ‘keylogged’.
Most secure sites that hold sensitive information offer the option to have some form of two-factor authentication. For example, Google allows users to authenticate a login by tapping ‘Yes’ on your mobile phone, or by entering a code that’s automatically generated, which is again stored on your personal device.
Therefore, even if cyber criminals do have your password, they can’t get access to your account as your phone is the secondary line of defence and can’t be removed without using two-factor authentication to confirm your login.
This one may seem a little generic, but ensure that all the programs on your computer are up to date. Vulnerabilities which allowed Keyloggers onto your system in the first place may be patched, and may also patch other weak areas you weren’t aware of.
How popular are Keyloggers?
In August, Bleeping Computer reported that Google successfully removed 145 Android apps from the official Play Store, which contained genuine Windows Keyloggers. The Keyloggers within weren’t all from the same strain, instead reportedly came from 3 different sources.
It just goes to show how easy it is to be infected by an official, genuine application source. Even if you take the utmost precaution with vetting websites first, there’s still the possibility that malware could be dropped onto your machine.
Keyloggers are still a huge issue as they’re very easy to create and come with additional functionality which tries to combat current anti-keylogging features and usually attaches to malware that can be picked up from the web.
We offer cyber security training courses that are tailored to teaching you the best ways to keep your passwords safe and secure.
If you’d like to see our course in action, try out our Perfect Passwords training course for FREE by clicking the button below.