When you think of malware and viruses, what kind of activities do you imagine them doing? Perhaps you think of them as software that destroys the computer it infects. Maybe you think of them as opportunistic, taking the time to perform actions such as using the PC on a botnet or looking through files for sensitive information. You may even think of ransomware, which locks away a PC until the victim pays the developer a sum of money.
But what about a piece of malware that simply sits, quietly, on your system and watches everything you do? Not so much what you’re doing on your monitor, but keeping strong tabs on what you’re typing. This is the sneaky nature of the keylogger, a nasty piece of kit that can threaten your private data and accounts if left to its own devices.
What Is A Keylogger?
So what’s the point of keyloggers? It gets on your system, it watches your keyboard inputs — so what? Who cares about what you type so badly that they’ll go through great efforts to smuggle software onto your system?
First, realise there are plenty of non-malicious uses for keyloggers. For instance, a parent can install a keylogger onto their child’s computer to make sure they’re not visiting inappropriate sites or chatting online to bad people. Harsh bosses may even use them to monitor their employee’s workflow. So, those have their obvious uses. But what about our malware keyloggers?
Think of it this way; there’s a keylogger developer who has managed to get keylogging software onto someone’s computer. They can see everything typed onto that computer, which includes everything from typing up a report to chatting to a friend on Facebook. Not very exciting, right? Then, the keylogger developer notice one string of information come in from the keylogger. It reads:
Intrigued, they go to the Kempton Bank website and looks at what’s needed to log into an account. It asks you for two things; first, a 7-digit user ID, and then a password to go with it. Looking at the above data and matching it with what you know, what do you think happened here?
It looks like the person being watched accessed the Kempton Bank website, then typed in their ID and password to log into their bank account. Of course, the keylogger just watched this in real time, which means its developer now has their victim’s bank account details; their user ID is 7743992, and their password is opensesame233. Now they can log in and access their victim’s bank account!
How To Stop Them
So now you can see how deadly a keylogger can be in the wrong hands. But how do you go about making sure your PC is clear of keyloggers? After all, if they’re silent, there’s no tell-tale sign to let you know that there’s one on your computer.
The solution, therefore, is to install protection on your computer. Have an antivirus running which can pick up on keyloggers, so it can squash them if it detects any. Also, using malware scanners can help pick up on any that may have slipped through the net.
Also, you can use two-factor authentication on websites that use it. This will confirm a new login by sending a message to your mobile phone, meaning anyone else trying to login will get stopped by this restriction. This halts keyloggers in their tracks, as even though they have your username and password, they don’t have your phone in order to complete the process!
This is also the reason why some login pages ask you to manually input specific characters from your password using drop-down boxes. A keylogger would be able to tell if you typed a key, but by using this method, a logger would have to see what website you were on, read each field, and see what character you clicked on, which would be incredibly hard to pull off. Even then, when they go to log on with your details, the system may ask for a different set of characters from that password, making the whole process redundant!
The Key To The Problem
While keyloggers are very scary, there are ways you can avoid having your details gleaned from what you type. Even better, some websites and services have set up their own precautions against keyloggers; now you understand why those measures are there and what they mean.
Are you somewhat cautious about a potential keylogging attack? Or are you not that afraid of them? Let us know below.