Think of all the things you enter using your keyboard on a daily basis: personal messages, emails, passwords and online shopping details. Unfortunately, a type of malware exists that can jeopardise the privacy of everything you type.
This sort of malware is called a keylogger, and it specialises in recording typed information. A keylogger can be used by hackers, jealous spouses and employees alike – though are most commonly deployed from afar, integrated with and installed alongside other malware types, such as Trojans, rootkits or spyware.
Read on to find out how you can combat this insidious security threat.
How Can You End Up With A Keylogger?
Keyloggers may be either software or hardware in nature. Hardware keyloggers are uncommon, but can be placed strategically on public computers, much like credit card skimmers can be placed on ATMs.
Hardware keyloggers often operate via USB, and may look like an extra dongle or adapter between a wired keyboard and its port. With the advent of wireless peripherals, too, there has also been the advent of wireless keylogging devices being sold at worryingly low prices. When using public computers, ensure that there are no unusual devices or dongles plugged in, including memory sticks.
Software-based keyloggers are even more difficult to pin down, and can run quietly in the background without your knowledge. However, most anti-virus packages with real-time, heuristic detection can recognise this collection of keystrokes.
On your own machine, take care to keep your anti-virus continually updated – and ensure you’ve chosen one with real-time detection. Running manual scans only when you feel that something is amiss is a poor strategy for preventing keyloggers, as you will often not realise they’re even installed.
How Do Keyloggers Work?
You might rightly be wondering just how useful a lump of raw keystrokes might be. After all, we enter so much information in a day – it could take hours of manual sorting to separate the junk from the passwords, right?
Unfortunately, keyloggers have evolved to almost disturbing levels of sophistication: automatically sensing that the entered information may be a credit card number or password depending on the context in which it is entered.
Other keyloggers can scan through files, extracting text, rather than capturing your typing in real-time. As mentioned before, many are also installed in tandem with other malware – this can allow for even more targetted information collection – for example, having access to browser history can let an attack see which keystrokes correspond to different accounts.
All of the same guidelines for avoiding malware in general also hold true for keyloggers. All the usual tips, like choosing a solid anti-virus package and keeping it up-to-date, as well as being careful what you download and run, can make all the difference.
However, when it comes to reducing the harm done by keyloggers, there’s one more great tool you can take advantage of: the password manager. By eliminating the need to type your password, a manager can render many of the less-sophisticated keyloggers ineffectual.
If you aren’t clued in to this essential security utility, take a look at our guide to password managers for everything you need to get started.