What is a keylogger?

Posted on November 24th, 2023 by in Privacy basics.


A contraction of “keystroke logger”, a keylogger is either a piece of software or a hardware device that records input from your device’s keyboard. Although not strictly part of the definition, keylogger software can also often record video and/or audio input from your device’s camera and/or microphone and capture data from your clipboard. 

In this article, we look at what keyloggers are, how to detect them, and how to remove them. 

Keylogger definition

A keylogger is any software or hardware device that records your keystrokes when using a computer. Note that “computer” includes mobile devices, as some keylogger software can record your taps and swipes on a touchscreen. 

Software keyloggers are by far the most common, and software keylogging viruses can replicate and infect other devices. 

Hardware keylogging devices might be installed by a manufacturer or government agencies that intercept hardware deliveries. However, the most common type of hardware keylogger is a USB device inserted between a computer’s USB port and its keyboard’s USB connector or dongle (for wireless keyboards). Currently, no known hardware keyloggers can log input from a target mobile device’s touchscreen.  

Most modern keyloggers send the information they collect over the internet to whoever developed or configured them, but some keyloggers (especially physical ones) may require manual retrieval. 

Are keyloggers malware?

Keyloggers are often a form of malware used by criminal hackers to gain illicit access to passwords, bank account details, credit card details, and other highly sensitive information. (Hackers also use hardware keyloggers — a good example is attaching a physical keylogger to the USB ports of computers at an internet café). 

In addition to simple criminal activity, keylogger malware is used for police surveillance,  state-sponsored cyber warfare, and corporate espionage. 

However, there are (more) legitimate uses for keyloggers:

  • “Net nanny” software suites often include keylogging capabilities that allow parents to monitor their kids’ online activity and help keep them safe.
  • Companies are increasingly using bossware surveillance software with keylogging capabilities (together with the ability to take screenshots and even webcam photos) to ensure employees don’t slack off. The use of this kind of software has skyrocketed as more and more people work remotely. 

How does a keylogger infect your system?

Malware keyloggers infect systems in the same way that other types of malware do.  

  • Keylogger viruses self-replicate and spread from computer to computer across networks.
  • Keylogger Trojans appear to be legitimate software (or hide inside legitimate software).
  • Rootkits may contain keylogger capabilities and can be difficult to detect, even with good anti-malware software.

Learn more about malware

Attackers often distribute malware keyloggers via drive-by-downloads (scripts executed when you visit a malicious website) or phishing (where you are tricked into installing malicious software or clicking a link to a drive-by-download website). 

Corporate or state-sponsored hackers and the police often perform highly targeted attacks against individuals via personalized spear-phishing tactics that use social engineering to trick the victim into installing a malware keylogger. This type of hacker is also more likely to physically access a device to plant a physical keylogger or infect it with keylogger malware. 

Learn more about phishing and spear phishing

More legitimately, it’s perfectly legal for someone to install a keylogger on hardware they own. This includes devices given to children by their parents and laptops supplied to employees. 

Remote employees who use their own equipment are often required to install bossware keyloggers on their hardware as a condition of their contract. 

How to detect a keylogger

Malware keyloggers are by far the most common type of keylogger, so the most effective general defense against keyloggers is to use good antivirus software. 

If you use a public computer to do anything sensitive (for example, at an internet café), it’s always a good idea to quickly check that no strange devices are plugged into its USB ports. If you think you might be singled out for targeted surveillance, you should periodically give your computer a thorough physical examination. 

Other ways to protect yourself against keyloggers

All the usual precautions for protecting yourself against malware apply keyloggers:

  • Use good antivirus software
  • Don’t open emails from unknown sources
  • Don’t click links you’re unsure about
  • Don’t install software from untrusted websites

Using two-factor authentication (2FA) is always a good idea, but be aware that malware keyloggers can often steal the contents of your device’s clipboard. Even if you enter the 2FA code manually using your keyboard, a hacker might be able to see this and use the code to log in to your account while the code is still active. 

Additional precautions you can take include:

Use DNS filtering

DNS filtering blocks connections to blocklisted domains. This can help protect you against downloading malware keyloggers from domains that are known to be malicious. If you already have a keylogger on your system, DNS filtering can prevent it from sending your stolen keystrokes back to the hacker. 

Proton VPN offers a DNS filtering feature that’s available to anyone on a paid plan. In addition to filtering out malware, our NetShield Ad-blocker can block ads and trackers. 

Learn more about NetShield

Use a password manager

By far the most common use of keyloggers is to steal usernames and passwords. A password manager such as Proton Pass can autofill passwords, so there are no keystrokes or touchscreen taps for the keylogger to record. 

Final thoughts

Unless you are a person of particular interest to the police, government agencies, corporate hackers, or otherwise have access to valuable assets that could make you a target for cybercriminals, your primary area of concern should be malware keyloggers that opportunistic criminals randomly distribute.

Your best defenses against picking up such malware are using good anti-malware software and being very careful about phishing, which emails you open, and which links you click. 

Starting with ProPrivacy and now Proton, Douglas has worked for many years as a technology writer. During this time, he has established himself as a thought leader specializing in online privacy. He has been quoted by the BBC News, national newspapers such as The Independent, The Telegraph, and The Daily Mail, and by international technology publications such as Ars Technica, CNET, and LinuxInsider. Douglas was invited by the EFF to help host a livestream session in support of net neutrality. At Proton, Douglas continues to explore his passion for privacy and all things VPN.

your internet

Get Proton VPN
Get Proton VPN