What Are Keyloggers and How Do You Remove Them?

Keyloggers can track key input to collect your data. We’ll show you how to spot and remove them.
We receive compensation from the products and services mentioned in this story, but the opinions are the author's own. Compensation may impact where offers appear. We have not included all available products or offers. Learn more about how we make money and our editorial policies.

In 2022, LastPass suffered a massive data breach that affected 30 million customers due to its culprit: a keylogger attack.[1] A threat actor carried out this attack by exploiting vulnerabilities found in third-party software on a home computer belonging to one of LastPass’s developers. This enabled remote code execution (RCE) and allowed them to install a keylogger.

As a result, the threat actor was able to obtain the developer's master password via keylogging and ultimately gain access to LastPass's corporate vault.

This is one of many unfortunate keylogger attacks. As keylogger attacks continue to rise, it’s important to understand what keyloggers are, how they are used, their risks, and how to protect yourself from them.

Continue reading to learn more about keyloggers and how to protect yourself.

In this article
What is a keylogger?
How keyloggers are used
How keyloggers are spread
How to remove a keylogger
Tips to avoid getting a keylogger
Keylogger FAQ
Bottom line

What is a keylogger?

A keylogger, or keystroke logger, is a hidden surveillance tool designed to monitor, record, and log every keystroke made on a keyboard, whether physical or virtual (e.g., touchscreen devices). It is a type of spyware that falls under the category of malware, also known as malicious software. Often, it’s installed without consent and used for nefarious purposes, but that isn’t always the case.

What is keystroke logging?

When a keylogger is installed on a targeted device, it begins keystroke logging, or "keylogging,” and records every keystroke made. Then it stores the keystroke data or information in a log file that belongs to a remote command-and-control (C&C) server. The person who installed a keylogger on a device can access its log file, which may contain sensitive information, whenever they want.

As a result, the keylogger owner can have the potential power to access sensitive information such as passwords, banking information, and credit card numbers. This includes confidential information as well, such as chats, messages, and more.

What devices and systems are affected by keyloggers?

Keyloggers can pose a threat to various devices and entities, which can include:

  • PCs
  • Laptops
  • Mobile phones
  • Tablets
  • Financial institutions
  • ATM machines
  • Multiplayer online role-playing games (MMORPGs)

Keyloggers often target computer devices and sometimes mobile phones. However, they have also been known to target financial institutions, ATM machines, and online gaming such as MMORPGs. In the following paragraphs, we’ll provide some examples of use cases.

In Sweden, Nordea Bank suffered the “largest online bank heist” due to a trojan virus that installed a keylogger, according to the New York Times. Additionally, a Linux- and Unix-based keylogger called WINGHOOK targeted ATM machines via a rootkit.

Because a keylogger records your keystrokes, among other things, it can also be used to steal account usernames and passwords. More commonly, keyloggers have been used to attack popular games such as “World of Warcraft” (WoW) and “League of Legends.” They have also been sold on the Dark Web under a subscription model like iSpy, which was distributed via phishing emails and scam campaigns.

Types of keyloggers

There are multiple types of keyloggers, which can be installed through various methods such as the kernel, browser, a USB flash drive, and more. Some are rare and unique, such as acoustic keyloggers, which can eavesdrop on the distinct sounds of keystrokes done on a keyboard in order to help attackers decipher what’s being typed.

Keyloggers primarily fall into two categories: software keyloggers or hardware keyloggers. They can be installed via keylogging software applications or physical hardware.

The following is a non-exhaustive list of the various types of keyloggers.

Software-based

  • Kernel
  • Application programming interface (API)
  • Form-grabbing
  • Screen
  • Browser
  • Hooks
  • Remote Access Trojan (RAT)

Hardware-based

  • PS/2 keyboard
  • USB (e.g., flash drive, cables)
  • Lightning to USB-C cable
  • Hidden cameras
  • Wireless sniffers
  • Firmware/BIOS
  • Acoustic

How keyloggers are used

Keyloggers can be used for both legal and illegal reasons, though they are usually used for nefarious ones. For instance, attackers and cybercriminals often use them for illegal activities, such as committing fraud or stealing their target’s banking information. 

But surprisingly, they can be used for legitimate reasons too, such as a parent monitoring their child's phone activity for safety reasons. (We’ll cover these reasons more in-depth later.)

The best way to determine whether a keylogger has been installed legally or illegally is by asking the question, “Did you install the keylogger on a device you own?” If the answer is yes, then it’s typically legal. 

If not, and you install one on a device you don’t own without the owner’s consent, it’s often illegal. There are some exceptions, such as when federal authorities and the police have warrants to monitor your devices during a criminal investigation.

In the next sections, we'll unravel the legal and illegal uses of keyloggers, talk about the fine line between their ethical and unethical uses, and shed light on how violating the Electronic Communications Privacy Act (ECPA) can lead to serious legal consequences.

Illegal uses of keyloggers

Keyloggers can be misused for illegal activities without consent, often for nefarious purposes. Attackers and cybercriminals usually carry out these illegal activities. On the other hand, ordinary people with malicious intentions, such as a vengeful ex-partner or a disgruntled former employee, can also use them illegally without your knowledge.

Presented below is not a complete list of several reasons keyloggers are used illegally:

  • Identity theft
  • Financial fraud
  • Corporate or industrial espionage
  • Unauthorized access to personal accounts (e.g., email, social media)
  • Obtaining personal details about you
  • Device monitoring to find out if a partner is cheating
  • Stalking
  • Blackmail

Keep in mind that you have directly broken the federal ECPA if you install a keylogger on someone else's device without their consent or knowledge, such as a partner's or spouse's device when you suspect infidelity. 

If it is discovered you have violated this law, which is an invasion of privacy, it can result in felony charges against you and a loss of trust from your partner. Also, depending on the severity of the crime, you could face fines or even imprisonment. In short, it’s never worth the risk.

Legal uses of keyloggers

Employers, parents, IT departments, and police or federal authorities can use keyloggers legally for a number of reasons. It's crucial to keep in mind that although it is legal for parents or legal guardians to install keyloggers and monitoring software on their minor's device, it is illegal for anyone to do the same on a device belonging to an adult child or an adult partner.

Here are some popular uses of keyloggers that are legal:

  • Companies monitor their employees’ activities for productivity purposes
  • Parents monitor their children’s screen time and internet use for their safety
  • IT department troubleshoots software problems on company devices
  • Federal authorities such as the FBI or police have a warrant to monitor the devices of a potential criminal in an ongoing criminal investigation

Although these are legal uses of keyloggers, it’s important to consider their ethical implications. For instance, employees who are under surveillance on the job by their employer may view it as unethical and a violation of their privacy or trust. As a result, employers are encouraged to opt for other alternatives, such as installing other tools like website blockers, enabling remote desktop access, and conducting time audits to measure their employees’ productivity.

Additionally, a legal guardian or parent who installs a keylogger on their teen's computer or mobile device without their knowledge can potentially damage the trust in their relationship, especially if their teen discovers they’ve been spied on. Walking a fine line between legality and ethics can be tricky, so it’s important to weigh the two and strike a balance.

How keyloggers are spread

Keyloggers spread and infect devices in a number of ways, whether intentionally or unintentionally. Below, we have listed the various methods and examples spread under each category.

Unintentional ways keyloggers are spread

  • Phishing attacks
  • Malicious websites
  • Social engineering
  • Downloading malware, such as Trojans or rootkits containing keyloggers

Intentional ways keyloggers are spread

  • IT departments installing them on all corporate devices
  • Purchasing or downloading parental control software to monitor a child’s phone and internet activity
  • Installing on one’s own device for security research or ethical hacking purposes

How to know if your device has a keylogger

There are a plethora of ways to find out if a keylogger has infected a computer or mobile device, but the signs of infection differ between a computer and mobile device. Listed below are the common signs of a keylogger infection, including the steps you can take to mitigate it.

Common signs that a keylogger has infected your computer

  • Slow performance: Your browser runs slowly or your keystrokes are delayed, including the movements of your mouse.
  • Disappearing cursor: Your cursor spontaneously disappears.
  • Laggy mouse movements: Your cursor movement is slow and doesn’t match the speed at which you move your mouse.
  • Error screens: You get error screens whenever websites or graphics load.

Common signs that a keylogger has infected your mobile device

  • Overheating: Your phone gets physically hot, and even after closing all active apps, your phone continues to feel hot to the touch.
  • Fast battery drain: You notice your battery drains quicker than normal.
  • Strange phone activity or sounds: You may notice your phone, apps, and your phone’s screen lights will turn on and off at random times. You may also hear faint white noises or crackling sounds.
  • Weird messages appear: You may receive weird messages that only have characters or texts that are not supported by your device.

How to remove a keylogger

Follow the recommendations to remove a keylogger from your device:

  1. Use antivirus software that automatically removes malware, including keyloggers.
  2. Manually uninstall the keylogger from your device if located and clear temporary files to eliminate any residual traces of the keylogger.
  3. Another option is to reset your device to its factory settings and then restore it from a backup to ensure any existing malware, including keyloggers, are removed.

Follow these steps for mitigation if a keylogger has infected your computer

1. Check running applications and background processes.

  • For Windows devices, use the Task Manager.
  • For Mac devices, use the Activity Monitor.
  • For Linux devices, run the following commands in the terminal ‘ps -aux’ , or ‘htop.’

2. Terminate any suspicious applications or processes.

3. Remove any unfamiliar applications or files installed on your device after researching them.

4. Perform a routine scan of your device with antivirus software, which can help detect and remove malware.

Follow these steps for mitigation if a keylogger has infected your mobile device

  • Delete suspicious or strange unrecognized file names: Check your Downloads folder for any unnoticeable files with random names and .APK file extensions. If you find such a file and don't remember downloading it, delete it immediately.
  • Install and use reputable antivirus software: Use an antivirus software that detects and quarantines keyloggers. Keep your antivirus software updated and perform routine scans for malware.
  • Restore your phone to factory settings or wipe it clean: If all else fails, reset your phone to its factory settings or wipe everything, but remember to back up any important files first.

9 tips to avoid getting a keylogger

There are many tips to follow that can help you prevent a keylogger from infecting your device. Make sure to follow the recommendations below for best security practices to keep keyloggers from infecting your devices.

  1. Routinely update your operating system and apps. Always make sure your operating system and applications are up-to-date with the latest security patches.
  2. Use strong unique passwords and 2FA. Protect your device, apps, and accounts with strong unique passwords that comply with NIST standards and enable two-factor authentication (2FA).
  3. Use a firewall. This security system monitors network traffic and can intercept data that keyloggers attempt to send over the internet, thus preventing keylogging.
  4. Use a password manager. Password managers allow you to easily generate strong, unique passwords and store them all in one place. They help you access your passwords and update them easily in a secure cloud, without the need to remember them all. This can help you further reduce the risk of keylogging.
  5. Install antivirus software. Installing a reputable antivirus software on your device can prevent malware infections, as well as identify and remove malware more quickly than manual methods. This is an important tool in preventing keylogging.
  6. Get a VPN. Use a reputable virtual private network (VPN). This can hide your local IP address and encrypt your data from prying eyes, securing your online data traffic.
  7. Avoid using public Wi-Fi. Do not use free public Wi-Fi networks at a coffee shop, airport, or any public place — even if it’s password-protected. Using public Wi-Fi makes you vulnerable to man-in-the-middle (MitM) attacks conducted by attackers, who can potentially deploy a keylogger on your device.
  8. Do not use USB storage devices you did not purchase brand new. Picking up and using a USB flash drive you’ve found in a parking lot or bought from a stranger on the street, for example, can be a sneaky way to lure you to install a keylogger. (See Rubber Ducky.) Make sure you secure your USB storage devices, or any device for that matter when not used, in a safe place, too.
  9. Never click on suspicious links or download files from untrusted sources: Do not click on suspicious phishing links from emails or messages nor download files from unverified and untrusted sources. You can visit the website VirusTotal to analyze suspicious files and links.

Keylogger FAQ


+

Are keyloggers viruses?

No. Keyloggers fall under a category of malware called “spyware,” which secretly monitors and collects information about its targets — in other words, spies on them.

Computer viruses are not intended for spying purposes. A computer virus is a type of malware that copies itself (self-replicates) and attaches itself to a program or host, and it can carry malicious code.

Even though keyloggers are not viruses, they often infect computers or mobile devices via Trojan viruses.


+

Can keyloggers see your screen?

The primary function of keyloggers is to log and record keystrokes made on a keyboard. But there have been reports of Android and iPhone mobile devices being infected with software keyloggers that can capture where the mobile user presses or taps on the screen. This lets a cybercriminal see what the user is typing by looking at the virtual buttons they are pressing. Spooky, isn’t it?


+

Are keyloggers illegal?

Keyloggers can be legal or illegal, depending on the circumstances.

Keyloggers are legal when they are installed on a device owned by the person doing the installation. For example, it is legal when a parent installs a keylogger on their child’s device they own in order to monitor their phone and online activity for safety purposes.

In contrast, it’s illegal to install a keylogger on a device you don’t own. One exception to this rule is when federal or local authorities have a warrant to monitor a person’s device to help with a criminal investigation.

Bottom line

Cybercriminals, malicious hackers, and other people with ill intent can install keyloggers on your devices without your knowledge in order to track your keystrokes and, ultimately, spy on you. They may do this for illegal and nefarious purposes, such as to steal your identity or commit financial fraud by obtaining sensitive information such as your ID numbers, banking information, credit card numbers, and so on. As you can imagine, the outcome of having keyloggers installed on a device can be dangerous and scary.

Know what keyloggers are and how to spot them, as well as how to prevent them and rid them from your devices. Even though keyloggers are often associated with malicious uses, there are less scary and legal reasons that keyloggers are installed on a device. For example, a parent might install a keylogger on their child's device so they can keep an eye on their screen time and internet use for safety reasons. In the end, being aware of keyloggers is an important key to safeguarding your privacy

As we always say, knowledge is the first step to better cybersecurity habits and staying safe online.

5.0
Editorial Rating
Learn More
On NordPass's website
Password Manager
NordPass
BLACK FRIDAY: Up to 56% off + 3 months extra
  • Strong encryption and security
  • User-friendly interface
  • Free version has annoying restrictions

Author Details
Mars is a California-based cybersecurity professional and writer currently pursuing a B.S. in Cybersecurity. With interests ranging from OSINT to ethical hacking and threat intelligence, Mars leverages his two years of writing experience to produce informative content on topics such as Internet guides and VPNs.

Citations

[1] Security Incident Update and Recommended Actions