TMCnet Feature
November 13, 2018

Personal Data Risks: Why Hackers Infect Your Computer with Keyloggers



Today’s powerful computer viruses often consist of several components, each responsible for a different harmful function. These programs resemble Swiss Army knives and allow an attacker to perform various activities on an infected system. One of the common components used in cyberattacks is the keylogger.



Keylogger definition

A keylogger is a type of software (or sometimes hardware) that can intercept and record user activity on an infected computer. Most often keyloggers, as the name suggests, monitor the keyboard and your keystrokes. More sophisticated types of keyloggers also monitor mouse movements and clipboard activity.

A keylogger most often acts as an intermediate agent located between the keyboard and the operating system. It tracks all communication without the user's knowledge. In addition, it can store the recorded data locally on the infected computer. When the keylogger is part of a more advanced attack, it may transfer the recorded data to a remote computer under the control of an attacker.

Although the term "keylogger" is usually used in relation to harmful programs, there are also semi-legal monitoring tools that have the features of keyloggers. These are used by law enforcement agencies.

Types of keyloggers

There are many types of keyloggers, but in general they can be divided into two main categories: software programs and special equipment. Software keyloggers are used more often and are usually part of a larger piece of malicious software, such as a Trojan or rootkit.

Software keyloggers are easy to install on the attacked computer because they do not require physical access to it. A characteristic feature of keyloggers is the ability to impersonate the application interface of the Windows system. This allows them to track every keystroke without being noticed. There are also kernel keyloggers, man-in-the-browser keyloggers and many more.

Hardware keyloggers are less common because they require physical access to the victim’s device. Some can be implemented as early as the equipment production stage (in the BIOS); others can be installed on a USB flash drive or take the form of fake keyboard connectors (between the keyboard cord and the computer). Although this option is more difficult to install, it can increase the flexibility of the attacker's actions, as it is completely independent of the system.

Infection methods

Software keyloggers are often delivered to devices by malicious downloaders as a component of complex malware. Machines can be infected through a drive-by download attack from a malicious website that exploits existing vulnerabilities on your computer. Another popular infection method is spam email campaigns. In some cases, keyloggers can be installed as legitimate-looking programs - by infecting the download path or by adding the malicious code to the program itself.

Hardware keyloggers are most often installed by an attacker who has physical access to a computer.

Detection and removal of keyloggers

Detecting malicious keyloggers is not easy because these applications do not behave like other malicious programs. They do not search the victim’s computer for valuable data and do not send it to distant servers. Moreover, unlike other malware, they do not harm the data stored on the infected device. Keyloggers are programmed so that their presence goes unnoticed; they are secret spies working undercover.

Anti-malware products may detect and remove all already known variants of keyloggers, but in the case of a targeted attack they may not be recognized quickly enough, and the time to detection will depend on the activity of the malicious program on the infected computer.

When a user suspects that a keylogger has appeared on their device, they can try to outwit it by launching a different operating system from a USB flash drive or by using a virtual keyboard. It is recommended to scan your system for viruses on a regular basis and to update all software and the operating system the day new patches arrive.
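As a complement to antivirus scans, a defender can check directly which programs are reading the keyboard. The following added example (not part of the original article) does this on a Linux host by listing processes that hold raw input devices (`/dev/input/event*`) open; the allowlisted paths and the function name are assumptions for illustration. It cannot see hardware keyloggers or keyloggers running inside the kernel or the browser.

```python
import os

# Assumed allowlist of binaries that legitimately read raw input devices;
# paths differ per distribution, so adjust for the host being checked.
EXPECTED_READERS = {"/usr/lib/systemd/systemd-logind", "/usr/lib/xorg/Xorg"}


def find_input_readers(proc_root="/proc", expected=EXPECTED_READERS):
    """Return sorted (pid, exe, device) tuples for processes that hold a
    /dev/input/event* device open and are not in the expected set."""
    findings = []
    pids = sorted((e for e in os.listdir(proc_root) if e.isdigit()), key=int)
    for pid in pids:
        base = os.path.join(proc_root, pid)
        try:
            # The exe link is used instead of the process name, which a
            # program can change freely.
            exe = os.readlink(os.path.join(base, "exe"))
            fds = os.listdir(os.path.join(base, "fd"))
        except OSError:
            continue  # process exited, kernel thread, or insufficient privilege
        if exe in expected:
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(base, "fd", fd))
            except OSError:
                continue  # descriptor closed while we were looking
            if target.startswith("/dev/input/event"):
                findings.append((int(pid), exe, target))
    return sorted(findings)


if __name__ == "__main__":
    # Run as root so that other users' /proc/<pid>/fd entries are readable.
    for pid, exe, device in find_input_readers():
        print(f"pid={pid} exe={exe} holds {device}")
```

Any result is a lead for investigation rather than proof of infection, since accessibility tools and some games also read input devices directly.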

=====

Author: David Balaban

David Balaban is a computer security researcher with over 15 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project which presents expert opinions on the contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking.


