A keylogger is malicious software, discreetly installed on your computer, that steals your personal data through a very specific mechanism. How does this kind of malware work, and how can you prevent it? That is what this article discusses.
What is a keylogger?
Keyloggers are software capable of analysing and detecting, without the user's knowledge, what is being typed on the keyboard: messages, searches, but above all identifiers, passwords or bank details.
Keyloggers are part of the spyware family: malicious software that installs itself discreetly on a machine to obtain information in real time. However, they are not considered computer viruses or Trojan horses, because their operation is not based on modifying code or taking control of the device. Their role is to stay as inconspicuous as possible and record data without being noticed.
The different types of keyloggers
There are two main groups of keyloggers: software keyloggers and hardware keyloggers.
Software keyloggers are the most common and they are the subject of this article. They leverage features of the operating system (usually Windows) to monitor keystroke data and may even be able to retrieve passwords filled in automatically by the browser.
A second type of keylogger operating at the software level also exists. This time, the program does not act on a user-interface feature but intercepts communications at the kernel level. It is therefore the exchanges between the hardware and the software that are captured and translated. These keyloggers are very difficult to detect, but they are unable to steal automatically filled passwords.
Finally, there are hardware keyloggers. They are rare because installing one, which takes the form of a small box, requires physical access to the targeted device. They are impossible to use on smartphones and, on computers, relatively easy to detect. These are clearly not the keyloggers to be most wary of, although you should always be vigilant.
How does a keylogger work?
Like all spyware, keyloggers generally end up on a machine after a visit to a malicious website or to a site that unwittingly hosts malicious content or advertising, after an email attachment is opened, or after a free download of a video game, movie, music or software.
Keyloggers are executable files that interact with the operating system's programming interfaces, just like any other software. On Windows, they notably use the "SetWindowsHookEx" hook function, coupled with a DLL (dynamic link library), to obtain keyboard events. Many legitimate programs also use it, which is why Windows allows access to this information.
The keylogger is launched as soon as Windows starts up to record absolutely all keystrokes made on the keyboard. The recovered data is then transferred to the hackers at regular intervals.
They can then resell the stolen information. Like all malware, keyloggers become more complex and improve over time. Some of them can even send the data they collect in real time.
Some keyloggers have filters. They are only activated on certain very specific sites which are of particular interest to hackers: banks, PayPal etc.
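The transfer "at regular intervals" described above leaves a timing pattern that a defender can look for in outbound connection logs. The following is an added example, not part of the original article: it flags process/destination pairs whose sends are almost evenly spaced. The log format, process names and addresses are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample of outbound connections (not real data):
# "<timestamp> <process> <destination> <bytes_sent>"
SAMPLE_LOG = """\
2024-05-01T09:00:02 svchelper.exe 203.0.113.10:443 1840
2024-05-01T09:01:10 browser.exe 198.51.100.7:443 5120
2024-05-01T09:01:12 browser.exe 198.51.100.7:443 830
2024-05-01T09:03:40 browser.exe 198.51.100.7:443 12044
2024-05-01T09:05:01 svchelper.exe 203.0.113.10:443 2210
-- log rotated --
2024-05-01T09:10:03 svchelper.exe 203.0.113.10:443 1975
2024-05-01T09:14:05 browser.exe 198.51.100.7:443 640
2024-05-01T09:15:02 svchelper.exe 203.0.113.10:443 2302
2024-05-01T09:20:01 svchelper.exe 203.0.113.10:443 1888
2024-05-01T09:22:30 browser.exe 198.51.100.7:443 915
"""

def parse_flows(log_text):
    """Group send times by (process, destination); skip malformed lines."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            flows[(parts[1], parts[2])].append(datetime.fromisoformat(parts[0]))
        except ValueError:
            continue
    return flows

def find_periodic(log_text, min_events=5, max_cv=0.1):
    """Return flows whose gaps between sends are nearly constant."""
    hits = []
    for (proc, dest), times in parse_flows(log_text).items():
        times.sort()
        if len(times) < min_events:
            continue
        # cv = stddev / mean of the gaps: near 0 for a timer-driven upload.
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg > 0 else float("inf")
        if cv <= max_cv:
            hits.append({"process": proc, "dest": dest,
                         "interval_s": round(avg), "cv": round(cv, 3)})
    return hits

print(find_periodic(SAMPLE_LOG))
```

Legitimate software such as update checkers and mail clients also polls on a timer, so a hit is a lead to investigate rather than a verdict, and a keylogger that sends data in real time will not show a fixed interval.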
How to protect yourself from a keylogger?
First of all, you have to be careful in how you use the internet to avoid being exposed to infection by this kind of spyware. Do not open a link or attachment whose source you cannot authenticate, for example. To limit your risk, avoid unsecured sites and downloads of illegal content. Even free software that looks legitimate can be a facade covering up a keylogger, so find out about the program in question and the site you are downloading it from. Then keep your system and drivers properly updated: many attacks take advantage of security holes and vulnerabilities, and it would be a shame to be fooled when a patch or fix was available. Also beware of logging in to your accounts on public machines or public Wi-Fi networks.
Another way to counter keyloggers is to set up complex passwords. Some keyloggers are not able to detect certain special characters, such as accented letters that do not exist in English or signs that require a key combination, with Alt or Alt Gr for example. You can also use a password manager or change your credentials regularly to strengthen the security of your accounts.
Another possibility is to type your username and password "out of order". For example, type your password except the first letter, then go back to the beginning to type the missing first letter; the keylogger will be tricked.
Remember to turn on two-factor authentication (2FA), which can save you a lot of trouble. Even with the correct identifiers, a third party will not be able to access your accounts unless they can also get into your mailbox or your smartphone, in the case of 2FA via SMS or an application.
Ultimately, a good security suite, like the one offered by our partner ESET, can protect you from these kinds of threats. The best solutions include a firewall, antimalware, anti-spam, and even access protection for bank accounts. Also, favour antivirus products with real-time protection and not just PC scanners.