On this episode 3 of “WhatTheHack?”, we would be talking about Keylogger!

Scared that whatever you type on your computer or desktop could be tracked by an unknown person and he/she would hence know ALL of your secrets? Well… the threat of that happening is more real than ever! Ever heard of keylogger malware? If you do not know .. well you are in luck! Continue to read on this episode of “WhatTheHack?” to learn more about keylogger malware!

So? In the computing world.. what exactly is a Keylogger?

Picture above is an example of a keylogger^^

So firstly …. keylogger is a type of software that does keystroke logging! Keystroke logging is the action of recording (logging) the keys struck on a keyboard, aka keylogger is a program which tracks what keys you type into your keyboard and hence would also know what you are typing.

HOWEVER, not all keyloggers are evil in nature. For eg: It can be downloaded on purpose by the owner of the computer who wants to monitor activity on a particular computer. But more often than not, keyloggers are used for malicious intent like the Keylogger Trojan The malware keeps track of the keystroke and saves the user’s information locally – later the hacker requires physical access to retriever the stored user information. It also works the other way where the hacker can gain instant access to the user data through the Internet. Some keyloggers are programmed to record/log the keystrokes only after a certain activity is initiated. For instance, the keylogger program would start recording only when the user opens the browser to access a specific website. And this can be a serious threat to the victim as his/her personal data like email passwords, bank password, etc would be leaked to the hacker and the hacker could have access to their emails, bank account, etc which could spell doom for the victim (if not detected early)!

So how are keyloggers spreaded? :worried:

1. Keyloggers can be installed when a user clicks on a link or opens an attachment/file from a phishing mail
2. Keyloggers can be installed through webpage script. This is done by exploiting a vulnerable browser and the keylogger is launched when the user visits the malicious website.
3. a keylogger can be installed when a user opens a file attached to an email
4. a keylogger can be installed via a web page script which exploits a browser vulnerability. The program will automatically be launched when a user visits an infected site
5. a keylogger can exploit an infected system and is sometimes capable to download and install other malware to the system.
6. a hardware keylogger (usually in a usb) could be plucked into the computer and start logging the keystrokes

So how can you prevent Keylogger malware/trojan?

1. Many many times a keylogger malware is spread through trojan horses, hence as long as one prevents trojan horses from being installed into their computer like not to respond or click into phishing emails/suspicious emails, etc, and hence the keylogger malware would not exist on the computer! Click here to check out a previous episode of “WhatTheHack?” on Trojan Horses and how to prevent it!

2. Do not allow foreign people to plug in foreign USB devices into your computer without knowing what exactly is inside as it could be a hardware keylogger! ..* System cages that prevent access to or tampering with USB and PS/2 ports can be added to the user’s desktop setup to help identify hardware keyloggers if they are ever implanted onto a computer by a evil person!

3. Update/install your anti-virus/anti-keylogger software! Normally, hackers use keyloggers that can bypass the old/un-updated anti-virus/anti-keylogger software and hence go and infect your computer, hence by updating your anti-virus/anti-keylogger software it would prevent that from happening. Also depending on the technique the antispyware application uses, it can possibly locate and disable keylogger software with lower privileges than it has. Use of a network monitor will ensure the user is notified each time an application tries to make a network connection, giving a security team/ you the opportunity to stop any possible keylogger activity

4. There are many other possible ways to prevent Keylogger Malware.. the above mentioned are just a few of the many possible ways!

In conclusion, Keylogger is a type of software that could remain harmless if used correctly but once it lands into the evil hands of a hacker.. it could be very well be one of the worst malwares alive! However, one just has to take the few and simple steps above and Browser Hijacking can be prevented and all of your data and privacy would be saved!

On the next episode of “WhatTheHack?”, we would be exploring on what the hack is a Phishing Email, how it can affect you (if you fall for its trap) and how you can spot it!! SO STAY TUNED FOR MORE HACKING/COMPUTING TERMS AND KNOWLEDGE ON “WhatTheHack?”

Extra links for you to improve your knowledge on keyloggers:

1. A quick look at keystroke logging Wikipedia?
2. What exactly is a Keylogger Trojan??
3. What is a Keylogger: A Brief on a Dangerous and Malicious Tool?
4. Different types of Keyloggers?

Want to take a quick look at some equally exciting previous “WhatTheHack?” articles?

1. Episode 1:Trojan Horse?