What are Keyloggers?
- Rolando Ramos

- Nov 25
- 2 min read
Updated: Dec 6
Threat Type: Keyloggers
Threat Category: Malware-Based Threat
Cyber Threat Indicators
A keylogger (keystroke logger) is a surveillance tool, either a piece of software or a dedicated hardware device, designed to covertly record every keystroke made on a computer or mobile device.
Its primary malicious purpose is to steal sensitive information such as passwords, credit card numbers, and private messages without the user's knowledge.
Core Characteristics
Keyloggers, whether hardware or software, share core characteristics that enable their stealthy data collection:
Stealth and Persistence: They are designed to operate secretly in the background. Software keyloggers often run as hidden processes and may employ rootkit techniques to avoid detection by standard anti-malware programs. Hardware keyloggers are physically designed to blend in with existing computer components.
Data Capture: Their core function is to capture and record input from the keyboard. Advanced keyloggers often capture more than just keystrokes, including:
Clipboard contents (anything copied/pasted).
Periodic screenshots (screen scraping).
Web browser activity (URLs visited, form data).
Data Exfiltration: Once the data is recorded, the keylogger must send it to the attacker.
Common methods include:
Uploading the log files to a remote server (FTP, or an HTTP/HTTPS POST to an attacker-controlled host).
Periodically emailing the logs to a predefined address.
Storing the data locally for the attacker to retrieve physically (common with hardware loggers).
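As an added example (not code from the original post), the following Python script shows one way a defender can hunt for the upload pattern just described in outbound web-proxy records. The log lines are constructed for this example, and the thresholds are assumptions to tune per environment. It groups POST requests by source host and destination, then flags pairs whose uploads are small and whose timing is nearly constant, which is what a logger shipping its buffer on a fixed schedule looks like from the network.

```python
"""Flag hosts that send small, regularly timed HTTP POSTs to a single destination."""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample of outbound proxy records (timestamp, source host,
# method, destination host, bytes sent). Illustrative data only, not a
# capture from any real environment. ws-17 shows a ~5-minute upload cadence;
# ws-22 is a person submitting forms at irregular times.
SAMPLE_LOG = """\
2024-03-01T09:00:00Z ws-17 POST upload.example-cdn.net 2310
2024-03-01T09:00:07Z ws-17 GET www.news.example 412
2024-03-01T09:05:01Z ws-17 POST upload.example-cdn.net 2488
2024-03-01T09:07:33Z ws-17 POST forms.intranet.example 8821
2024-03-01T09:10:00Z ws-17 POST upload.example-cdn.net 2275
2024-03-01T09:15:02Z ws-17 POST upload.example-cdn.net 2391
2024-03-01T09:19:58Z ws-17 POST upload.example-cdn.net 2350
2024-03-01T09:25:01Z ws-17 POST upload.example-cdn.net 2402
2024-03-01T09:03:10Z ws-22 POST forms.intranet.example 9100
2024-03-01T09:41:50Z ws-22 POST forms.intranet.example 17322
2024-03-01T10:12:05Z ws-22 POST forms.intranet.example 4030
"""

# Assumed thresholds; tune to the environment.
MIN_EVENTS = 5            # enough samples to judge periodicity at all
MAX_CV = 0.15             # stdev/mean of intervals; near 0 means clockwork timing
MAX_MEDIAN_BYTES = 16384  # keystroke logs are small; big uploads are usually legitimate


def parse_log(text):
    """Parse whitespace-separated records, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, method, dst, nbytes = parts
        try:
            when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
            size = int(nbytes)
        except ValueError:
            continue  # unparseable timestamp or byte count
        records.append((when, src, method.upper(), dst, size))
    return records


def find_periodic_uploads(records, min_events=MIN_EVENTS, max_cv=MAX_CV,
                          max_median_bytes=MAX_MEDIAN_BYTES):
    """Return (src, dst) pairs whose POSTs are small and evenly spaced."""
    groups = defaultdict(list)
    for when, src, method, dst, size in records:
        if method == "POST":
            groups[(src, dst)].append((when, size))

    findings = []
    for (src, dst), events in groups.items():
        if len(events) < min_events:
            continue
        events.sort()  # records may arrive out of order
        intervals = [(b[0] - a[0]).total_seconds()
                     for a, b in zip(events, events[1:])]
        mean = statistics.mean(intervals)
        if mean <= 0:
            continue  # duplicate timestamps only; nothing to measure
        cv = statistics.pstdev(intervals) / mean
        median_bytes = statistics.median([size for _, size in events])
        if cv <= max_cv and median_bytes <= max_median_bytes:
            findings.append({
                "src": src, "dst": dst, "count": len(events),
                "mean_interval_s": mean, "cv": cv,
                "median_bytes": median_bytes,
            })
    return findings


if __name__ == "__main__":
    for f in find_periodic_uploads(parse_log(SAMPLE_LOG)):
        print(f"{f['src']} -> {f['dst']}: {f['count']} POSTs every "
              f"~{f['mean_interval_s']:.0f}s (cv={f['cv']:.3f}), "
              f"median {f['median_bytes']:.0f} bytes")
```

A person filling in web forms produces irregular, larger posts, which is why the ws-22 records are not flagged. The same grouping applies to FTP STOR commands or SMTP submissions if the log records them. A regular cadence alone will also match legitimate agents such as update checkers, so treat the output as a lead to triage, and weight it by whether the destination is newly seen or of low reputation.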
Common Examples and Tactics
Keyloggers fall into two main types: software keyloggers and hardware keyloggers.
Software Keyloggers
These are malicious programs installed on a device. They are the most common type used in cyberattacks because they can be deployed remotely and at scale, without physical access to the target.
API-Based Keyloggers: The most prevalent type. Rather than exploiting a vulnerability, they call the operating system's own documented input APIs (on Windows, for example, a low-level keyboard hook installed with SetWindowsHookEx and WH_KEYBOARD_LL, or polling GetAsyncKeyState) to receive keystrokes as they reach, or before they reach, the target application. Because these are ordinary user-mode calls, they work without elevated privileges, which is a large part of why this type is so common.
Kernel-Level Keyloggers: These operate inside the operating system kernel, typically as a malicious keyboard filter driver sitting in the input stack. Running at that level gives them full system privileges and lets them hide from user-mode security tools, making them exceptionally difficult to detect and remove. Loading such a driver requires administrator rights and, on modern Windows, a way around kernel-mode driver signing, so they are rarer than API-based loggers.
Form-Grabbing Keyloggers: Instead of recording keystrokes, these target the web browser. They run inside the browser process (for example as an injected library or a malicious extension) and capture the entire contents of submitted web forms, such as login credentials or payment details, before the browser encrypts and transmits them. TLS therefore offers no protection, and pasted or auto-filled values are captured too, since no key was ever pressed.
Malware Distribution Tactics: Software keyloggers are often deployed via common malware distribution methods:
Phishing: Sent as attachments or links in fraudulent emails.
Trojans: Embedded within seemingly legitimate software downloads.
Drive-by Downloads: Installed when a user visits a malicious or compromised website.
Hardware Keyloggers
These are physical devices that must be attached to the target computer, so the attacker (or an insider) needs physical access. While less common in large-scale attacks, they are highly effective, and because no code runs on the host, antivirus and endpoint agents cannot see them; detection relies on physical inspection of ports and cabling and on baselining what devices a machine is expected to have.
Inline Devices: Small adapters that plug into the computer's keyboard port (USB or PS/2), with the keyboard then plugged into the adapter. They intercept and store the keystroke signals before they ever reach the computer's operating system.
Wireless Sniffers: Devices used to intercept the unencrypted radio frequency (RF) signals transmitted by some wireless keyboards.
Keyboard Overlays: Thin physical keypads placed over the legitimate keypad (often seen in ATM skimming attacks) to record button presses.
Acoustic Keyloggers: This niche and rarely used method analyzes the subtle, distinct sound each key makes when pressed in order to reconstruct the input.
---
VIIEGO the human security agency for human security research and consulting in identity manipulation and fraud prevention to decode human behavior and secure your identity.
www.viiego.com | Protect What's Yours.
