Keyloggers are computer applications or devices which record keyboard input and send the collected data to a remote, predetermined server, where it is later processed by the parties of interest. Both hardware and software keyloggers can be either malicious or legitimate; which one an application is depends on how and for what purpose it is used. Both types work on the same principle: they record keystrokes, save them to a specific file and transfer them to third parties without asking for the computer user's explicit permission. This means that even legitimate keylogging programs can be used for malicious purposes. Despite the lack of a clearly defined line between legal and malicious applications, the two groups must be distinguished. Let us discuss them individually.
- Legitimate keyloggers, including software and hardware devices, can be described as surveillance-assistance tools which help parents, company managers and educators monitor and control their children's, employees' or students' activity on specific devices, in specific applications or while browsing online. The monitored person should preferably, but not necessarily, be informed about such data collection.
- Malicious keylogging tools, on the other hand, are designed to stay as stealthy as possible at all times. They are mostly deployed on the targeted computers by Trojans, viruses and exploit kits without the computer user’s permission or consent. Apart from tracking keystrokes, such viruses can also capture screenshots and employ other techniques to extract the necessary information.
Keep in mind that physical keyloggers are not capable of making screenshots, and only collect the raw data that the computer user types on the keyboard. These small devices are placed between the keyboard port and the plug and save the information into their own memory. Thus, antivirus or anti-spyware utilities cannot find them. However, just like software keyloggers, these devices can expose you to various privacy violations, including leakage of login information, passwords, and similar data.
How can malicious keyloggers violate your privacy?
As we have already mentioned, keyloggers are designed to extract information about patterns of activity on a certain computer. In other words, these programs help unauthorized parties to spy on private users or company employees, thereby violating their privacy or stealing confidential information. It is important to note, though, that these programs do not spread like regular viruses. Instead, they have to be installed on the computer manually. For that, criminals may use brute-force network attacks, remote administration tools (RAT) or other intrusion techniques. As for hardware keyloggers, these devices can only be planted physically. Besides, they can easily be found during a thorough hardware search. Thus, criminals concentrate more on tracking software, which is usually capable of all of the following:
- Conceal itself to avoid detection on the computer.
- Hide on the infected device for weeks or months at a time.
- Record keyboard keystrokes.
- Capture scheduled or momentary screenshots.
- Monitor and log window titles and the titles of launched applications.
- Spy on the user’s online activity: record all visited website addresses, search queries and other information entered while browsing the web, including login names, passwords, account information, credit card details, etc.
- Keep a record of the user’s private communication: chats, instant messages, and email traffic.
All of this information is usually stored on the computer’s hard disk as an encrypted archive or file, and the gathered information is continuously sent from it to the predetermined servers bit by bit. Thus, regular system checkups are crucial for exposing such potential data leakage channels and closing them in time.
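The paragraph above describes captured data leaving the computer in small pieces to a fixed server; one way a routine checkup can look for that pattern in outbound connection logs is shown here. This is an added example, not part of the original article: the log format, process names, addresses, thresholds and the function name `find_trickle_uploads` are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow log (not real traffic): epoch seconds, process,
# destination ip:port, bytes sent. Addresses are from documentation ranges.
SAMPLE_FLOWS = """ts,process,dest,bytes_out
1000,helper.exe,203.0.113.20:21,1800
1010,browser.exe,198.51.100.7:443,48211
1025,browser.exe,198.51.100.7:443,900
1100,syncclient.exe,198.51.100.9:443,600
1180,syncclient.exe,198.51.100.9:443,800
1300,helper.exe,203.0.113.20:21,2100
1400,browser.exe,198.51.100.7:443,120334
1410,browser.exe,198.51.100.7:443,700
1602,helper.exe,203.0.113.20:21,1750
1899,helper.exe,203.0.113.20:21,1990
1900,syncclient.exe,198.51.100.9:443,640
1950,syncclient.exe,198.51.100.9:443,700
2201,helper.exe,203.0.113.20:21,2050
2300,browser.exe,198.51.100.7:443,5200
2450,syncclient.exe,198.51.100.9:443,900
2460,syncclient.exe,198.51.100.9:443,650
2500,helper.exe,203.0.113.20:21,1900
"""

def find_trickle_uploads(flow_csv, min_events=5, max_bytes=4096, max_jitter=0.15):
    """Return (process, dest, mean_interval_s) for regular, small outbound sends."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        key = (row["process"], row["dest"])
        groups[key].append((int(row["ts"]), int(row["bytes_out"])))
    findings = []
    for (process, dest), events in sorted(groups.items()):
        if len(events) < min_events:
            continue  # too few transfers to judge regularity
        events.sort()
        if max(size for _, size in events) > max_bytes:
            continue  # bulk transfers are not the "bit by bit" pattern
        gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
        avg = mean(gaps)
        # Low coefficient of variation means the sends are evenly spaced.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append((process, dest, round(avg)))
    return findings

if __name__ == "__main__":
    print(find_trickle_uploads(SAMPLE_FLOWS))
```

Anything it returns is a lead for review rather than a verdict, since legitimate software such as updaters and sync clients can also send small amounts of data on a timer.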
What are the most dangerous keyloggers today?
Keyloggers are not the most popular programs among malicious software creators. This is probably due to their complicated distribution techniques and very specific range of application. Nevertheless, numerous legitimate and fake applications can be found online.
- Among the legitimate keyloggers, we should point out Perfect Keylogger, a sophisticated surveillance utility which offers a variety of functions. Interestingly, though Perfect Keylogger is a legitimate application, its functions match and even exceed those of most malicious programs. This commercial keylogger can be used for taking screenshots and tracking online activity, chat logs, and email exchanges. All of this data is transferred via the network to a predetermined FTP server.
- Unlike the previously mentioned application, AllInOne Keylogger is a malicious program which targets personal information contained on users’ PCs without their consent. Its creators seek to extract as much data as possible. Thus, the virus uses keystroke logging, screenshots and advanced obfuscation techniques to run on the computer for as long as possible.
- Invisible Stealth Keylogger is another harmful virus which arrives on the computer as a Trojan horse and immediately activates its keystroke-logging functionality. But data tracking is not all that Invisible Stealth Keylogger is capable of. This nasty virus also allows the attackers to access the infected computer and control it remotely. As a result, various corrupt programs may be installed, and malicious files can be downloaded to the computer without the user having any control over it.
The main keylogging software distribution strategies:
Keyloggers are not typical viruses because they do not spread like other cyber infections. Legitimate keyloggers are usually installed manually by the computer owner or the network administrator. Hackers may also brute-force their way into your computer and place the malicious program on it. Such programs can also be installed with the help of other viruses, like the already mentioned Trojans, exploit kits, etc. So far, keylogger attacks have been recorded mostly on Windows operating systems. Nevertheless, signs of these spying programs have been reported among Mac OS X users as well. It is only a matter of time before this malware family is adapted to all of the popular operating systems.
Peculiarities of keylogger removal and system recovery:
Sadly, after a keylogger attack, retrieval of the compromised data is virtually impossible, since none of the information that these tools manage to collect stays on the computer. It is constantly transferred to third-party servers which are private and inaccessible. Since the network connection is the key element that allows data transfer, it is important to cut it immediately and start looking for the source of the problem. You can entrust this task to professional and reliable anti-spyware tools, for instance, programs like Reimage or Malwarebytes. Our team of experts has tested this software, and detailed descriptions can be found in the Programs section.
Additional information added on 2016-11-11