Stealing your passwords. Collecting your private information. Snooping on your activities. They’re all ways that keylogging programs and devices can be used for ill-gotten gain.
Keyloggers themselves are not inherently malicious. They’re used by businesses to monitor employees and security, and by parents to check on their kids’ safety. But when they are used nefariously, victims can find their bank accounts emptied and their identity stolen.
In this post we look at how keyloggers steal your information, so you can protect yourself from harm.
What is a keylogger?
A keylogger is simply a program or device that logs keystrokes you make on your computer.
However, those used by fraudsters are also Trojan horses, which hide on your system and send information back to a third party.
Keylogging fraud is big business
A few examples of how Trojan horse keyloggers have been used for fraud purposes include the following.
- In 2004, the MyDoom worm infected millions of computers worldwide. As well as being used to organize DoS attacks, it included a keylogger that was used to steal credit card information.
- In 2013, a fake VPN service called AquaVPN installed a keylogger on its customers’ computers in order to steal their data.
- In 2014, a cybercriminal group dubbed NightHunter used phishing emails to infect computers worldwide with a keylogger. The keylogger was used to steal login credentials for Google, Facebook, banks and more.
Keyloggers are able to steal data from thousands of unsuspecting computer users at once, and keylogging software is easily available online. So it’s no wonder threats have kept occurring over the past decade.
How keyloggers infect your computer
Keyloggers wind up on PCs like any other malware – via attachments in phishing emails, malicious downloads and web scripts. Look out for:
- Suspicious attachments – Attachments in phishing emails, especially .zip attachments, are likely to infect your computer. Sometimes they even come from someone you know, if that person’s computer is also infected.
- Fake program offers – Those fraudulent emails and browser ads that offer you a free virus scanning program or video player are usually hiding something. You guessed it: it’s malware that might include a keylogger.
- Malicious website scripts – Your computer can also be infected via website scripts that exploit browser vulnerabilities. This doesn’t only happen on obviously sketchy websites. In September 2014, web ads from the Zedo distribution network spread keylogging malware via reputable sites including Last.fm.
Once installed, the programs often use rootkit technologies to hide their files and mask their activities. This allows them to run almost invisibly on your system.
How keyloggers record and send what you type
To actually track what you type, a keylogging program must gain access to a part of your system that handles data sent by your keyboard. Three common methods include:
- System hooks that intercept the output of the keyboard
- Substitute keyboard drivers, which also log keystrokes
- Keyboard information requests that use standard system processes
The keylogger then sends the stolen data to a remote location, usually via an unsecured port in your Internet connection.
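Security tools look for the same combination from the defender's side: a program that uses one of the three capture methods and also makes outbound connections. The Python below is an added example, not part of the original post, that applies that rule to a few constructed telemetry records. The record layout, process names, driver name and addresses are made up for illustration; WH_KEYBOARD_LL and GetAsyncKeyState are the real Windows names for a low-level keyboard hook and a key-state request.

```python
from collections import defaultdict

# Constructed endpoint telemetry in a hypothetical schema:
# (pid, process name, event type, detail). All values are made up.
SAMPLE_EVENTS = [
    (412, "explorer.exe", "net_connect", "203.0.113.10:443"),
    (1880, "hotkeyd.exe", "keyboard_hook", "WH_KEYBOARD_LL"),
    (2304, "updater32.exe", "keyboard_hook", "WH_KEYBOARD_LL"),
    (2304, "updater32.exe", "net_connect", "198.51.100.7:8080"),
    (3120, "svchelper.exe", "key_state_poll", "GetAsyncKeyState"),
    (3120, "svchelper.exe", "net_connect", "198.51.100.9:25"),
    (4, "System", "keyboard_filter_driver", "kbfilt_unknown.sys"),
    (5012, "chat.exe", "keyboard_hook", "WH_KEYBOARD_LL"),
    (5012, "chat.exe", "net_connect", "192.0.2.44:443"),
]

# Event type -> the capture method from the list above.
CAPTURE_METHODS = {
    "keyboard_hook": "system hook",
    "keyboard_filter_driver": "substitute keyboard driver",
    "key_state_poll": "keyboard information requests",
}
DRIVER = "substitute keyboard driver"

def find_suspects(events, allowlist=frozenset()):
    """Flag processes that capture keystrokes and also talk to the network."""
    methods, remotes, names = defaultdict(set), defaultdict(set), {}
    for pid, name, event, detail in events:
        names[pid] = name
        if event in CAPTURE_METHODS:
            methods[pid].add(CAPTURE_METHODS[event])
        elif event == "net_connect":
            remotes[pid].add(detail)
    findings = []
    for pid in sorted(methods):
        # Name-based allowlist for brevity; a real one would pin signer or hash.
        if names[pid].lower() in allowlist:
            continue
        if remotes[pid]:
            severity = "high"      # capture + outbound traffic
        elif DRIVER in methods[pid]:
            severity = "review"    # unknown driver in the keyboard stack
        else:
            continue               # e.g. a local hotkey tool with no network use
        findings.append({"pid": pid, "process": names[pid], "severity": severity,
                         "methods": sorted(methods[pid]),
                         "remotes": sorted(remotes[pid])})
    return findings
```

Calling `find_suspects(SAMPLE_EVENTS, allowlist={"chat.exe"})` reports the two processes that both capture keys and connect out, plus the unrecognised keyboard driver for manual review, while the local hotkey tool and the allowlisted chat client are left alone.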
As anti-virus software and operating systems become more effective at dealing with these kinds of exploits, data thieves are of course developing new ones – and millions of computers are carrying them right now.
Keyloggers are a very real and common threat to your personal data. Your computer can pick them up easily, and they’re difficult to spot. They can see everything you type, from credit card information and passwords to the emails you write. And they send that data to criminals whose goal is to steal from you.
Make sure you protect your computer and Internet connection with appropriate software. Prevent infection by using email, downloaded files and the web safely. And if you’re worried your computer might already be infected, use a reputable anti-virus scanner to detect and remove it now.