Keylogger
A type of surveillance software or hardware that records every keystroke made on a computer or mobile device, often used by attackers to capture passwords, credit card numbers, and sensitive information.
In-Depth Explanation
A keylogger is a tool that records keystrokes on a device, capturing everything a user types including passwords, messages, credit card numbers, and other sensitive information. While keyloggers have some legitimate uses (parental controls, corporate monitoring with consent), they are most commonly associated with malicious activity.
Types of keyloggers:
- Software keyloggers: Programs installed on the target device
- Kernel-level: Intercepts keystrokes at the operating system level
- API-level: Hooks into keyboard APIs to capture input
- Form grabbers: Capture web form submissions
- Memory-injection: Inject into browser processes
- Hardware keyloggers: Physical devices attached between keyboard and computer
- USB keyloggers: Small devices plugged into USB ports
- Wireless keyboard sniffers: Intercept wireless keyboard signals
- Acoustic keyloggers: Use sound analysis to determine keystrokes
How keyloggers are deployed:
- Bundled with malware downloaded from malicious websites
- Delivered via phishing emails with infected attachments
- Installed through physical access to the device
- Included in pirated software or cracked applications
- Deployed through drive-by downloads on compromised websites
Detection and prevention:
- Use up-to-date antivirus and endpoint protection
- Enable multi-factor authentication (keylogger captures password but not second factor)
- Use password managers with auto-fill (bypasses keystroke recording)
- Monitor for unusual processes and system behaviour
- Inspect physical USB connections regularly
- Keep software updated to prevent exploit-based installation
- Use virtual keyboards for highly sensitive input
Business Context
Keyloggers are one of the most effective tools for stealing credentials and sensitive data. A single keylogger on one employee device can compromise multiple business accounts, making endpoint protection and MFA essential defences.
How Clever Ops Uses This
Clever Ops protects Australian businesses against keyloggers through endpoint detection and response (EDR) solutions, MFA implementation, and password manager deployment. Our security stack detects and blocks keylogger installation attempts while MFA ensures captured passwords alone are insufficient for access.
Example Use Case
"An employee unknowingly installs a keylogger via a phishing email. The keylogger captures their login credentials, but MFA prevents the attacker from accessing business systems. EDR subsequently detects and removes the keylogger."