There are many different types of malware, most of which are designed to operate as fast as possible. No matter what malware is trying to do, be it encrypting your hard drive and holding the encryption keys for ransom or just stealing data, malware generally assumes that it is in a race against time before it is detected and deleted by antivirus software.
A key logger is very different, however: it is designed to remain covertly on a system for as long as possible so that it can capture and transmit as much data as possible.
What is a key logger?
A key logger, short for keystroke logger, is a piece of software that actively logs every key that the user presses on their computer. This allows it to monitor everything you do, from private documents you type, to what passwords you use.
Key loggers can also be physical devices. These are typically USB devices that are simply placed between the keyboard cable and the computer it’s connected to, although versions using the older PS/2 connector are available. A physical keylogger doesn’t necessarily have to be placed between the keyboard and the computer. It is possible to use electromagnetic emissions from unshielded cables in wired keyboards to determine the keys being pressed. It’s also possible to monitor the wireless communications of Bluetooth keyboards.
Key loggers are generally malicious in intent. If they are installed covertly, they can be used to monitor a user’s activity without their knowledge, potentially for years. There are, however, legitimate uses for them too. Key loggers can be used as part of scientific studies into writing processes, and employers can use them to monitor employee activity. The legal use of keyloggers typically relies on the informed consent of the user or users being monitored.
Keyloggers are designed to transmit the data that they have collected back to the attacker who installed them. This can happen as a regular process or as a single bulk upload after a long-term infection. Software-based keyloggers can just use the device’s internet connection to transmit data back to the attacker.
Hardware keyloggers sometimes exclusively store data locally, requiring the attacker to physically remove the device again to gain access to the data. Some, however, include a pre-paid mobile SIM, so a mobile data connection can be used to transmit the data. Alternatively, a keylogger could inject keystrokes when it determines that the computer is on but unattended, to open a connection to the attacker.
Protection against key loggers
Ultimately, the best protection against software keyloggers is to minimize your risk of ever getting infected. Not downloading suspicious files from the internet or via email, using an adblocker, and having up-to-date antivirus software are all good moves.
Network monitoring tools and host-based firewalls can be used to monitor and restrict which programs are attempting to make network connections. This could allow a user to prevent a keylogger from uploading its data, although this wouldn’t work to protect against storage-based keyloggers or keyloggers that contain their own networking equipment.
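The following Python example, added here and not part of the original article, applies the monitoring idea above to a constructed connection log: it reports programs that are not on an allowlist and notes whether their traffic looks like a regular upload or a single bulk upload. The process names, addresses, allowlist and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample records: (unix_time, process, remote_host, bytes_sent).
# Process names are hypothetical; addresses are from documentation ranges.
SAMPLE_LOG = [
    (1000, "browser.exe", "example.com", 4_000),
    (1300, "kbdhelper.exe", "203.0.113.7", 900),
    (1450, "browser.exe", "example.org", 12_000),
    (1900, "kbdhelper.exe", "203.0.113.7", 1_100),
    (2500, "kbdhelper.exe", "203.0.113.7", 950),
    (2600, "updater.exe", "updates.example.net", 2_000),
    (3100, "kbdhelper.exe", "203.0.113.7", 1_000),
    (5000, "notes.exe", "198.51.100.9", 80_000_000),
]
ALLOWLIST = {"browser.exe", "updater.exe"}  # programs the user expects online


def flag_uploaders(records, allowlist, bulk_bytes=50_000_000,
                   min_events=4, max_jitter=0.1):
    """Return {process: sorted list of reasons} for non-allowlisted programs."""
    by_proc = defaultdict(list)
    for ts, proc, _host, sent in records:
        if proc not in allowlist:
            by_proc[proc].append((ts, sent))

    findings = {}
    for proc, events in by_proc.items():
        events.sort()
        reasons = set()
        # Single bulk upload: one connection sends an unusually large amount.
        if any(sent >= bulk_bytes for _ts, sent in events):
            reasons.add("bulk-upload")
        # Regular upload: enough connections, all spaced almost evenly.
        if len(events) >= min_events:
            gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
            avg = mean(gaps)
            if avg > 0 and all(abs(g - avg) <= max_jitter * avg for g in gaps):
                reasons.add("regular-interval")
        # Any unlisted program is still reported, even without a pattern.
        findings[proc] = sorted(reasons) or ["unlisted-program"]
    return findings


if __name__ == "__main__":
    for proc, reasons in flag_uploaders(SAMPLE_LOG, ALLOWLIST).items():
        print(proc, reasons)
```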
Using an on-screen keyboard would be an effective strategy against a hardware keylogger but not a software one.
Copying and pasting passwords from a password manager would be an effective defense against both hardware and software keyloggers. 2FA would also be a helpful protection mechanism: while it wouldn’t stop your password from being compromised, the attacker would still need your 2FA device to access any of your accounts.