- Infected domains are a common attack method – in October 2018, the .com and .eu domains of online office software Zoho were blocked after they delivered keylogging malware to users. Thousands of WordPress websites have also been infected with keyloggers via fake Google Analytics scripts.
- Malware-infected apps are also a problem. The Google Play Store has often had to struggle with apps that contained keyloggers in the past.
- Like many other types of malware, keyloggers are often embedded in phishing emails. For example, a version of the HawkEye keylogger was distributed via an email campaign containing infected Word documents.
- Some other keylogger variants, such as Fauxspersky, can spread via infected USB drives.
“The biggest innovation in keyloggers is built-in evasion techniques that allow the malware to slip past detection mechanisms such as antivirus software,” says Bain. Many keyloggers are now delivered in combination with ransomware, cryptominer malware or botnet code, said the expert.
6 Ways to Detect and Remove Keyloggers
The following steps are generally considered the most effective ways to minimize the impact of unwanted keyloggers:
1. Monitor resources, processes and data
To find a keylogger, it can be helpful to take a look at the resource allocation, background processes, and data transmitted by the device in question. In order to work, keyloggers usually require root access to the target computer – also a telltale sign of a keylogger infection.
2. Update protection
Because keyloggers are often bundled with other forms of malware, the discovery of keylogger malware may be an indication of a broader attack. Current antivirus and anti-rootkit solutions remove known keylogger malware. However, further investigation is recommended to determine whether the incident was part of a larger attack.
3. Use anti-keylogger software
Special anti-keylogger software encrypts keystrokes, searches for known keyloggers and removes them. If there is unusual keylogger-like behavior, it raises the alarm. It is also helpful to block root access for unauthorized applications and to add known spyware to the IT blacklist.
4. Use virtual keyboards
Virtual onscreen keyboards reduce the risk of keylogging because they share information in a different way than physical keyboards. However, this can impact user productivity. Furthermore, it does not work against all types of keyloggers or eliminate the cause of the problem.
5. Disable self-executing files
By disabling self-executing files on externally connected devices such as USB devices and restricting the ability to copy files to and from external computers, the risk of a keylogger infection can also be reduced.
6. Enforce strict policies
The best way for organizations to protect against keylogger malware is to have multi-layered password policies and multi-factor authentication across all corporate accounts and devices. Even in the case of keylogging, average antivirus technology is no longer sufficient.
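As an added example for step 1 (not code from the original article): on Linux, software that reads raw key events from the kernel's evdev nodes holds an open descriptor on `/dev/input/event*`, so listing the processes that hold one is a quick process-level check. The `EXPECTED` allowlist and its program names are assumptions to adjust per site, and the scan needs root to see other users' processes.

```python
import os
import re

# Assumption: keyboards are exposed as Linux evdev nodes, /dev/input/eventN.
INPUT_DEV = re.compile(r"^/dev/input/event\d+$")
# Assumption: site-specific allowlist of programs expected to read input devices.
# Names are matched against /proc/<pid>/comm, which the kernel cuts to 15 chars.
EXPECTED = {"Xorg", "systemd-logind", "gnome-shell", "sway"}


def read_first(path):
    """Return the first line of a /proc text file, or '' if unreadable."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return fh.readline().strip()
    except OSError:
        return ""


def input_device_readers(proc_root="/proc"):
    """List processes holding open descriptors on input event devices."""
    findings = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():          # skip /proc/sys, /proc/net, ...
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:                  # process exited or permission denied
            continue
        devices = set()
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:              # descriptor closed during the scan
                continue
            if INPUT_DEV.match(target):
                devices.add(target)
        if devices:
            name = read_first(os.path.join(proc_root, entry, "comm"))
            findings.append({"pid": int(entry), "name": name,
                             "devices": sorted(devices),
                             "unexpected": name not in EXPECTED})
    return sorted(findings, key=lambda f: f["pid"])


if __name__ == "__main__":
    for f in input_device_readers():
        status = "REVIEW" if f["unexpected"] else "expected"
        print(f"{status:8} pid={f['pid']} name={f['name']} {','.join(f['devices'])}")
```

A `REVIEW` line is a starting point for investigation, not proof of infection; keyloggers that capture input at the display-server or browser level do not open these device nodes and will not appear here.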
Keylogger history – famous examples
- The oldest known keylogger comes from the pre-computer age: In the 1970s, the Soviet secret service developed a device that could be hidden in IBM electric typewriters and transmit information about keystrokes via radio. These early keyloggers were used in US embassies in Moscow and Leningrad.
- The first computer keylogger was created in 1983 by then-PhD student Perry Kivolowitz as a proof of concept.
- A particularly notable example of a keylogger “in the wild” was distributed “bundled” with a modification for the video game Grand Theft Auto V in 2015.
- In 2017, it was revealed that hundreds of Hewlett-Packard laptop models were shipped with a keylogger. However, the company insisted that it was a keyboard performance diagnostic tool and should have been deleted before shipping.
This article originally appeared at our sister publication CSOonline.com.
