Subscribe by RSS

What is a keylogger?

Douglas Crawford

Share this page

A contraction of “keystroke logger”, a keylogger is either a piece of software or a hardware device that records input from your device’s keyboard. Although not strictly part of the definition, keylogger software can also often record video and/or audio input from your device’s camera and/or microphone and capture data from your clipboard. 

In this article, we look at what keyloggers are, how to detect them, and how to remove them. 

Keylogger definition

A keylogger is any software or hardware device that records your keystrokes when using a computer. Note that “computer” includes mobile devices, as some keylogger software can record your taps and swipes on a touchscreen. 

Software keyloggers are by far the most common, and software keylogging viruses can replicate and infect other devices. 

Hardware keylogging devices might be installed by a manufacturer or government agencies that intercept hardware deliveries(new window). However, the most common type of hardware keylogger is a USB device inserted between a computer’s USB port and its keyboard’s USB connector or dongle (for wireless keyboards). Currently, no known hardware keyloggers can log input from a target mobile device’s touchscreen.

Most modern keyloggers send the information they collect over the internet to whoever developed or configured them, but some keyloggers (especially physical ones) may require manual retrieval. 

Are keyloggers malware?

Keyloggers are often a form of malware used by criminal hackers to gain illicit access to passwords, bank account details, credit card details, and other highly sensitive information. (Hackers also use hardware keyloggers — a good example is attaching a physical keylogger to the USB ports of computers at an internet café). 

In addition to simple criminal activity, keylogger malware is used for police surveillance,  state-sponsored cyber warfare, and corporate espionage. 

However, there are (more) legitimate uses for keyloggers:

  • “Net nanny” software suites often include keylogging capabilities that allow parents to monitor their kids’ online activity and help keep them safe.
  • Companies are increasingly using bossware(new window) surveillance software with keylogging capabilities (together with the ability to take screenshots and even webcam photos) to ensure employees don’t slack off. The use of this kind of software has skyrocketed as more and more people work remotely. 

How does a keylogger infect your system?

Malware keyloggers infect systems in the same way that other types of malware do.  

  • Keylogger viruses(new window) self-replicate and spread from computer to computer across networks.
  • Keylogger Trojans(new window) appear to be legitimate software (or hide inside legitimate software).
  • Rootkits(new window) may contain keylogger capabilities and can be difficult to detect, even with good anti-malware software.

Learn more about malware

Attackers often distribute malware keyloggers via drive-by-downloads(new window) (scripts executed when you visit a malicious website) or phishing (where you are tricked into installing malicious software or clicking a link to a drive-by-download website).

Corporate or state-sponsored hackers and the police often perform highly targeted attacks against individuals via personalized spear-phishing tactics that use social engineering to trick the victim into installing a malware keylogger. This type of hacker is also more likely to physically access a device to plant a physical keylogger or infect it with keylogger malware. 

Learn more about phishing and spear phishing(new window)

More legitimately, it’s perfectly legal for someone to install a keylogger on hardware they own. This includes devices given to children by their parents and laptops supplied to employees. 

Remote employees who use their own equipment are often required to install bossware keyloggers on their hardware as a condition of their contract. 

How to detect a keylogger

Malware keyloggers are by far the most common type of keylogger, so the most effective general defense against keyloggers is to use good antivirus software. 

If you use a public computer to do anything sensitive (for example, at an internet café), it’s always a good idea to quickly check that no strange devices are plugged into its USB ports. If you think you might be singled out for targeted surveillance, you should periodically give your computer a thorough physical examination. 

Other ways to protect yourself against keyloggers

All the usual precautions for protecting yourself against malware apply keyloggers:

  • Use good antivirus software
  • Don’t open emails from unknown sources
  • Don’t click links you’re unsure about
  • Don’t install software from untrusted websites

Using two-factor authentication (2FA)(new window) is always a good idea, but be aware that malware keyloggers can often steal the contents of your device’s clipboard. Even if you enter the 2FA code manually using your keyboard, a hacker might be able to see this and use the code to log in to your account while the code is still active. 

Additional precautions you can take include:

Use DNS filtering

DNS filtering blocks connections to blocklisted domains. This can help protect you against downloading malware keyloggers from domains that are known to be malicious. If you already have a keylogger on your system, DNS filtering can prevent it from sending your stolen keystrokes back to the hacker. 

Proton VPN offers a DNS filtering feature that’s available to anyone on a paid plan. In addition to filtering out malware, our NetShield Ad-blocker can block ads and trackers. 

Learn more about NetShield

Use a password manager

By far the most common use of keyloggers is to steal usernames and passwords. A password manager such as Proton Pass can autofill passwords, so there are no keystrokes or touchscreen taps for the keylogger to record.

Get Proton Pass(new window)

Final thoughts

Unless you are a person of particular interest to the police, government agencies, corporate hackers, or otherwise have access to valuable assets that could make you a target for cybercriminals, your primary area of concern should be malware keyloggers that opportunistic criminals randomly distribute.

Your best defenses against picking up such malware are using good anti-malware software and being very careful about phishing, which emails you open, and which links you click. 

Protect your privacy and security online
Get Proton VPN free

Related articles

Why use RAM-less VPN servers?
Some VPN services use RAM-only VPN servers, which they promote as being more secure than traditional servers that use hard drives. At Proton VPN, we do not doubt that RAM-only servers can offer VPN services some legitimate operational advantages, but
Update July 18, 2024: This article has been updated to feature the latest audit of our no-logs policy by Securitum, which was concluded on July 12, 2024. Links to all our no-logs policy audits are included. We’re pleased to announce that Proton VPN
VPN on mobile device
Growing public awareness about the threat posed to our fundamental right to privacy by online trackers has fueled a surge in VPN adoption, a trend that has been boosted thanks to people spending more time online due to the Covid-19 pandemic. Althoug
Tor over VPN
  • Privacy deep dives
Tor over VPN explained
Tor is a powerful privacy tool, but you may not want to use Tor all by itself. Learn why you may want to connect to Tor over a VPN. When you connect to the Internet, especially if you’re using public WiFi, there’s a good chance people are watching y
Smart TV privacy
Smart TVs are essentially televisions that can watch you. Their surge in popularity, along with smart speakers, means corporations (and anyone that can hack these devices) have another window through which they can view your private activity. The dat
Expats should use a VPN
Living abroad can be an adventure, but it also presents unique online privacy obstacles. A VPN can help expats stay in touch with their family and avoid Internet censorship. In the age of the “digital nomad” more and more people are moving abroad. L