What it is
A keylogger, short for keystroke logger, is a surveillance tool designed to record every keystroke typed on a keyboard. Attackers deploy software keyloggers through malware infections, phishing campaigns, or compromised downloads. Hardware keyloggers, on the other hand, are physical devices inserted between a keyboard and a computer to capture input before it reaches the operating system.
Once installed, keyloggers can harvest sensitive information such as login credentials, payment data, or personal messages. More advanced variants include form grabbers that intercept web form submissions and screenloggers that periodically capture screenshots to supplement text logs. These stolen records are exfiltrated to a command-and-control server for attacker access.
Why it matters
Keyloggers pose significant privacy and financial risks. They can defeat password managers, bypass multi-factor authentication by stealing one-time passwords typed in browsers, and expose sensitive business communications. Organizations infected with keyloggers face compliance violations, credential leaks, and reputational harm.
Because keyloggers operate silently, detection can take weeks or months. Even legitimate organizations sometimes use them for employee monitoring, raising ethical and legal questions around consent and surveillance.
How to reduce risk
- Keep operating systems and security software updated.
- Use hardware-based security features such as Trusted Platform Modules and secure input drivers.
- Implement behavioral monitoring that detects unauthorized key-capture processes.
- Educate users about phishing attachments and untrusted software installations.
- Prefer passwordless authentication methods or hardware tokens to mitigate credential theft.