Keylogging: All You Need To Know About Keylogger Web Threats

Share article
twitter linkedin medium facebook

A keylogging attack is a type of cyber attack in which a malicious actor gains access to a computer and installs software or hardware that records every keystroke made by the user, including sensitive information. Once the user’s data is captured, it is sent to the attacker who can use it for nefarious purposes, such as identity theft, fraud, or espionage. Keylogging attacks can be initiated through a variety of methods, including phishing emails, software vulnerabilities, and social engineering tactics.

In this article, we will inspect all possible ways to prevent keylogging attacks and keep your online environment utterly secure.

What is a keylogger?

Keyloggers are a form of spyware. Their job is to surreptitiously record what the user types into their device on both physical and virtual keyboards before passing that data back to an attacker. When you consider that so many people now use phones, tablets, and computers to manage their finances, make online purchases, share their most private thoughts, and more, it’s easy to see how keylogging can be so dangerous. It allows criminals to harvest passwords, credit card details, and personal messages, leaving victims vulnerable to reputation damage at best and fraud at worst.

Legality of Keylogging

Given how potentially dangerous the practice of keylogging is, you may be surprised to know that it’s not always against the law. The legality of using keyloggers in the United States depends on the context in which they are used. In general, it is legal to use them for legitimate purposes, such as employee monitoring, parental control, or law enforcement investigations (when properly authorized).

In practice, this means that it’s okay for corporate IT departments to use keylogging to collect input commands so they can troubleshoot computer problems, and it’s fine for parents who are worried about what their children are doing online to keep tabs on them with a keylogger. There are certainly moral aspects to consider about spying on employees and children, but in terms of the law, as long as you own the device that the person is using, and you’re not using it to stalk them, harass them, or otherwise break the law by recording what they type, you should be safe (although this does not constitute legal advice! Always consult a qualified professional to be certain).

The History of Keylogging: Instances and Notable Attacks 

Keyloggers have a historical background that includes some well-known incidents. Before the computer era, the 1970s saw the development of a keylogger by Soviet intelligence. This device could discreetly hide within IBM electric typewriters and transmit keystroke data through radio signals. These were covertly placed in typewriters at U.S. diplomatic facilities in Moscow and Leningrad.

The first keylogger for computers came about in 1983, conceived by Perry Kivolowitz, a graduate student at the time, as a proof of concept. One noteworthy instance of a keylogger being distributed in a real-world scenario occurred in 2015 when it was bundled with a Grand Theft Auto V mod. In 2017, a significant number of Hewlett Packard laptops were discovered to have been shipped from the factory with a keylogger installed. HP claimed that this tool was intended for diagnosing keyboard performance and should have been removed before shipment, rather than being a malicious attack.

Recently, two of the most prevalent keylogger malware programs are Snake and Phoenix. Phoenix, an older program, has been resurrected with enhanced capabilities. These instances underscore the ongoing innovation by cybercriminals in the realm of keylogging, highlighting the need for continued vigilance in cybersecurity.

The two main types of keylogging

Keyloggers come in two forms: hardware and software. Software keyloggers infiltrate PCs, Macs, Androids, and iPhones via the same routes that other malware uses. One of them is phishing emails. These are designed to trick victims into downloading a file attachment that then installs the software on the device. Cybercriminals have long known that humans are often the weakest link in the security chain, so they often try to manipulate victims into lowering their guard and performing unsafe actions using social engineering techniques.

Social engineering means something that plays on our human emotions or tendencies, so it exploits our greed, desire, compassion, or even just lapses of concentration. The 2022 Data Breach Investigations Report from Verizon revealed that the human factor is an element in 82% of all breaches, so it’s clearly very effective.

Attackers’ emails might pretend to be from a potential romantic partner, your bank, a charity raising money for victims of a disaster, a sure-fire moneymaking scheme, or even from someone that you actually know, asking you to download something or click on a link. Even if the attacker only tricks one person in 10,000 into downloading the attachment hidden in an email, a compromised website, direct message, or SMS text, it’s worth it to them.

Hardware keyloggers exist but are much less common, probably because they are slightly more likely to be detected. They are purpose-built devices that need to be physically connected to a PC while the owner is away from it, and they can be disguised as things like USB sticks or USB wall chargers. Although hardware keyloggers are used more rarely, there have been cases of students using them to try and cheat on their exams, and there was the time when someone used a keylogger to eavesdrop on their colleagues at a left-wing German newspaper in 2015.


Hardware keyloggers tend not to be as widely used as software versions because they aren’t as efficient and fitting them is risky. To fit one the victim needs to be out of the room while the attacker connects it, so they run the risk of being discovered. If the device doesn’t transmit the captured data then they also have to return to collect it later, which further raises their chances of getting caught. That’s quite a lot of risk for an attacker to expose themselves to when the reward is only one victim. 

Of course, if the victim happens to be someone with access to all the resources of a bank, or loan company, for instance, then they might consider the risk to be worth it. As well as being deployed in USB sticks, hardware devices can also be attached to computer PCI slots or disguised as ordinary PS/2 keyboard connectors.

Are mobile devices in danger from keyloggers?

To date, no hardware keyloggers that exploit mobile devices have been discovered, but there are certainly software versions that can record which areas of a smartphone or tablet’s screen the user interacts with. On touchscreen devices, keylogging can capture screenshots of emails, texts, and login pages, as well as access microphones, cameras, and more. As with other devices, smartphone users can inadvertently introduce malware by downloading infected files or compromised apps, so it’s important to only use files from trusted sources and apps from trusted vendors.

Detecting Keyloggers

How do you know if your device has been infiltrated by a keylogger? They may show up when you scan your system with a good antivirus/antimalware program. Poor quality keyloggers might also give themselves away by degrading performance in things like web browsing or causing a noticeable lag in mouse movements or between keystrokes.

Commercial-level keyloggers are more sophisticated and tend not to cause any system slowdowns, so you may not notice any effects on the system at all. They can also disguise the files they sent back to the attacker as normal traffic, and some are capable of re-installing themselves if the user manages to discover and remove them. With more sophisticated keyloggers you need a more comprehensive security solution.


The new keylogging threat from AI

Artificial intelligence systems are currently experiencing something of a renaissance, with ChatGPT, in particular, making headlines. It uses a large language model to generate authentic human responses to queries, but when some of those queries are requested by malware, everyone has cause to worry. Security company HYAS recently created a “polymorphous keylogger” to show what’s now possible. It calls its software Black Mamba (because that’s how dangerous they consider it to be) and it uses two techniques. One is intelligent automation which allows it to transmit captured keystrokes back to the attacker via trusted communications channels. The second uses publicly available AI tools to continuously create new versions of itself. Because it is constantly changing, security software that tracks known signatures and behaviors will struggle to stop it, and indeed, the team at HYAS said that a leading solution failed to detect it.

Protection from keylogging attacks

It’s important to keep all of your software up-to-date, including browsers, operating systems, and apps, so they’ve always got the latest security updates. Aside from the basics, here are some other examples of what you can use:


Antivirus software is a must-have for every kind of malware threat, including keylogging. Although there are free versions available, it’s worth considering investing in premium solutions, because they tend to have the most comprehensive feature sets.  


Since keyloggers send the data they capture back to the attacker, using a firewall may help to block any unauthorized data transfer. This isn’t something to rely on but is definitely worth using in conjunction with other tools.

Physical Interventions

You can prevent physical access to USB and PS/2 ports by using a system cage, also known as a security enclosure, which makes computers tamperproof and immune against keylogging.

Two-Factor Authentication

Using two-factor authentication (2FA) with all your important accounts ensures that even if an attacker gets hold of one of your passwords, they can’t use it in isolation. A typical approach with 2FA will look something like this: when you attempt to log into an account using your password, a prompt appears to request another code, randomly generated each time, which is sent via SMS text to your phone. If the attackers can’t access your phone, then they’re effectively locked out.

Virtual Keyboard

Some computers now have touchscreens, so you now have the option of using a virtual keyboard on them. This could potentially thwart keyloggers that only record physical keystrokes, so it may be useful.  

Voice-to-text software

Voice-to-text software does the same job as a virtual keyboard, cutting out mechanical keystrokes so the keylogger doesn’t have anything to record. You simply speak your credentials into login forms or your comments into chats and emails and the keylogger is none the wiser.

Software inventory check

It may be worth going through the processes and programs currently running on your computer to see if anything looks out of place. Although some might be capable of naming themselves after something friendly sounding to evade detection, it doesn’t hurt to check now and then. This could make the difference in detecting keyloggers.

Browser extension check

Some types of keyloggers keep track of your network activity so they may show up in your browser as an extension. In most popular browsers it’s easy to pull up a list of your active extensions and check for anything that looks out of place. If something is there that you don’t remember installing then remove it, or at the very least, do a web search for the name to see if anyone else has experienced the same problem.

How can Reflectiz help with keylogging?

Performing manual checks can be time-consuming and it’s also easy to forget to do them. Reflectiz is a continuous monitoring solution that can help prevent keylogging attacks by detecting and blocking malicious scripts that capture keystrokes on a website.

Reflectiz can help prevent keylogging attacks by analyzing the code of a website and detecting the addition of any malicious scripts designed to capture keystrokes. Once Reflectiz detects a keylogging script, it can block it from executing on the website, preventing the attacker from capturing any sensitive data, including personal health information.

In addition to preventing keylogging attacks, Reflectiz can also help protect against other types of web-based attacks, such as cross-site scripting (XSS) attacks, formjacking attacks, and magecart attacks. Reflectiz does this by continuously monitoring the website code and alerting the website owner to any potential security issues.

Sign up today and make sure your website is free from the risk of keylogging attacks.  


What is keylogging? 

Keylogging is a malicious activity where software or hardware is used to record the keystrokes made by a computer or device user without their knowledge or consent. This can capture sensitive information such as passwords, credit card numbers, and personal messages.

Why is Keylogging illegal? 

Keylogging is typically illegal when done without the explicit consent of the person being monitored. It violates privacy laws and can lead to identity theft, fraud, and unauthorized access to personal information, which are all illegal activities.

Can keylogging be detected? 

Yes, keylogging can be detected through various means, including using anti-spyware tools, and regular system scans. Additionally, monitoring for unusual computer behavior, such as unexpected network traffic or changes in system performance, can help detect keyloggers. Practicing good cybersecurity hygiene, like keeping software up to date and avoiding suspicious downloads, can also reduce the risk of keylogging.

Is keylogging a virus?

Keylogging itself is not a virus. Keyloggers, or keystroke loggers, are software or hardware tools designed to record and log keystrokes made on a computer or mobile device. While keyloggers can be used for legitimate purposes, such as monitoring computer activity or troubleshooting, they can also be employed maliciously, capturing sensitive information like passwords and credit card details.

Why is keylogging illegal?

Keylogging itself is not inherently illegal; its legality depends on its use. Legitimate purposes include employee monitoring or troubleshooting. However, using keyloggers without consent to capture sensitive information is illegal and violates privacy and cybercrime laws.

Does VPN prevent keylogging?

A VPN does not directly prevent keylogging. While it secures your internet connection, keyloggers can still capture keystrokes on the device. To prevent keylogging, use additional security measures such as keeping software updated and using reputable antivirus programs.


Take control

Stay up to date with the latest news and updates

Your Website looks great!

But what’s happening behind the scenes?

Discover your website blind spots and vulnerabilities before it’s too late!

Try for free