What Is a Keylogger?

What Is a Keylogger?

Keyloggers are malware that record everything you type, including usernames, passwords, credit card numbers, online chats and other sensitive information. Some can even take screenshots of your device and gain access to your computer's camera and microphone.

Cybercriminals deploy keyloggers to victims' hardware or software to capture data and use it to gain unauthorized access to your email, financial, retail and other accounts. If they gather enough information, they may be able to use your credit card number to make unauthorized purchases, withdraw money from your bank accounts, open credit cards or loans in your name and more.

Learn more: What You Can Do to Avoid Identity and Credit Fraud

How Do Keyloggers Work?

Keyloggers work by embedding themselves on a device (such as your laptop or phone) or website and running in the background. Every time you press a key, the keylogger makes a copy of the action, saves it to a file and sends it to the scammer.

Example: Say you unknowingly download a keylogger onto your computer. The next time you visit your bank's website to complete your online banking, the keylogger will record the keys you press when you enter your username and password. Then it will send that information to the hacker, who may use it to try to access your accounts.

What Information Can Keyloggers Capture?

Because keyloggers record every keystroke, anything you type on your device is transmitted to the scammers, such as your:

• Name and address
• Social Security number
• Usernames and passwords
• Credit and debit card information
• Bank and investment account information
• Health account data
• Tax return data
• Cryptocurrency keys
• Online chats

Types of Keyloggers

There are two broad categories of keyloggers: hardware and software. The way cybercriminals access your information varies based on the type of keylogger they use.

Hardware Keyloggers

Hardware keyloggers require someone to have access to your device. When this type of keylogger is used, the hacker may install it inside a computer cable or USB drive. Because the hardware is so small, the user doesn't typically notice it.

Software Keyloggers

Software keyloggers can track your information when they are downloaded onto your device or written into the code of a website. Common types include:

• API-based: Accesses application programming interfaces on your computer. When you're working within an application, such as your email, the keylogger records the information you enter.
• Kernel-based: Hides in your computer's operating system at the core level and logs all of the keystrokes on your device. Kernel-based keyloggers are difficult to detect and often evade anti-malware programs you may be running to protect your system.
• Form-grabbing: Records data you enter into fields on an online form before it's encrypted, making it possible to steal your information even if you're using a secure website.
• Java-script: Malicious code used to infect websites, not your devices. Java-script keyloggers can capture all the data you enter on a website.
• Acoustic: Each key makes a distinct sound when you press it. Acoustic keyloggers record the sounds to determine what you're typing. Software-based acoustic keyloggers hack the microphone on your computer to record the sound, but microphones can also be embedded into hardware-based keyloggers.

How Do Keyloggers Get on Your Device?

Keyloggers can infect your device in many of the same ways viruses can, including:

• Links: Just as scammers use phishing links to trick you into sending sensitive data, they can use them to deliver keyloggers to your computer. When you click on a link sent by an attacker, the keylogger downloads onto your computer.
• Attachments: Hackers may also infect attachments with keyloggers. When you open the attachment, the keylogger embeds itself onto your computer and starts capturing your keystrokes.
• Downloads: If you install an infected browser extension or software from the internet, you're installing a keylogger too.
• Physical devices: Hardware-based keyloggers can be embedded into USB drives, keyboards and computer wiring to record your keystrokes.

Signs of a Keylogger

Keyloggers aren't always easily detectable. However, if you experience any of the following, it could be a sign that your device has been infected with one.

• Your computer's acting up. If your cursor is moving on its own, your device is taking longer than usual to complete tasks or your computer is freezing or crashing frequently, it's worth checking for keylogger malware.
• You get an alert from your anti-malware program. Malware protection programs run routine scans of your entire system to detect potential vulnerabilities. If you receive an alert after a scan, you could have a keylogger on your computer.
• An unfamiliar program is running. If you notice software or an app that you don't recognize running in the background or listed in your task manager, verify that the program is legitimate.
• Your firewall tells you. Firewalls provide an added layer of protection beyond what your anti-malware software offers. If your firewall notifies you that something's off, find out why.

Tip: Your device may not show obvious signs of a keylogger. Because some keyloggers, especially kernel-based versions, are difficult to detect, your anti-malware protection may not identify them. It's a good idea to manually check your computer periodically to make sure you recognize all the programs and apps that are installed.

How to Protect Yourself Against Keyloggers

Many of the steps you take to avoid identity theft and safeguard your personal information online can also help avoid keylogging.

• Install updates. Run the latest versions of your operating system, internet browsers, software and apps. Set your computer to update automatically to avoid gaps in protection.
• Use anti-malware. Anti-malware programs can identify and remove keyloggers from your computer.
• Be wary of links and attachments. Only click on links and open attachments from sources you know and trust. If you're unsure about whether something is safe, it's best not to click on it.
• Use only reputable software and apps. Downloading infected software, apps or browser extensions can put your computer at risk. Think twice before you download anything from the internet.
• Stick with websites you know. When you need to enter sensitive information online, make sure the website is reputable. For added protection, type the URL into your browser bar instead of clicking on links to avoid malicious sites that look similar to those you know and trust.
• Enable multifactor authentication (MFA). Using MFA won't prevent keylogging, but it can keep scammers from accessing your accounts. With MFA enabled, they will only have one of the pieces of information they need to access your account.
• Create different passwords for each account. Creating unique passwords can help minimize the damage if a keylogger captures your username and password for a single account. The scammer won't be able to use the same credentials to access all of your accounts.
• Take advantage of password managers. Password managers automatically populate your login credentials for each of your accounts. Since you don't have to type your username and password, a keylogger won't capture your keystrokes.
• Use a virtual keyboard. Consider replacing your traditional keyboard with a virtual version that appears only on your computer screen. Keyloggers can't record keystrokes from a virtual keyboard. However, some keylogging malware may be able to see what you're typing by capturing images from your computer screen.

How to Remove a Keylogger

The process for removing a keylogger from your system varies depending on whether you have a PC or a Mac. But here's a basic overview to get you started.

• Run an antivirus scan of your computer. The simplest way to get rid of a keylogger is to have your anti-malware program do it for you.
• Locate the keylogger on your system. To remove a keylogger manually, the first thing you need to do is find it. Keyloggers can hide in multiple places, including apps, software and browser extensions.
• Verify the legitimacy of programs. Do a little research if you come across something you don't recognize so you don't inadvertently delete a file you need.
• Uninstall malicious programs. Remove all files, apps, software and browser extensions you confirm are dangerous. Be sure to also delete the temporary files associated with them.
• Conduct a factory reset. This step should be a last resort because it will delete everything, not just the keylogger, from your device. But if, despite your best efforts, you're unable to remove a keylogger from your system, you may need to restore your computer to the factory settings. It's crucial that you back up all your files before doing this to avoid losing them.

Tip: Some keyloggers can be particularly stealthy and difficult to remove. If you're unable to resolve the problem on your own, consider consulting a professional.

Frequently Asked Questions

Stay Safe Online

Keylogger malware can cause significant harm to victims by sending their sensitive data to hackers, which can then be used to access their accounts or steal their identity. While there's no foolproof solution for stopping cybercriminals, adopting a multilayered approach to staying safe online can help you avoid cyberattacks.

Antimalware programs can be an important tool for identifying and removing threats like keyloggers and viruses, but they should be your last line of defense, not your first. Keeping your information safe and secure starts by taking proactive steps—such as using the latest versions of operating systems, visiting only reputable websites and avoiding suspicious links and attachments—to protect it from falling into the wrong hands.

For added security, consider identity theft protection from Experian, which offers ongoing monitoring, identity theft insurance and access to fraud resolution specialists.