A keylogger (sometimes known as a keystroke logger) is either a hardware device or a software program that records, or "logs", keystrokes registered on a keyboard. More advanced keyloggers can also record web page visits, take screenshots, and harvest other data.

Cybercriminals who employ keyloggers as malware generally do so to steal sensitive information. Depending on how sophisticated the keylogger in question is, it may only be able to collect data from a single website or application, or it may be able to spy on all the information a user enters with their keyboard, including any information they copy and paste. Stolen data can include credit card numbers, bank account credentials, PIN codes, and more.

How a Keylogger Works

A keylogger can be either hardware- or software-based, and unlike some other forms of malware, a keylogger doesn’t present a direct threat to a system itself.

A hardware keylogger may take the form of a plugin inserted into a system’s keyboard port, but this kind of keylogger requires that a cybercriminal gain physical access to a target computer. Consequently, software keyloggers are more commonly used because they are much easier to introduce into a target system. Like most forms of malware, software keyloggers usually gain access to a victim’s system when a user clicks on an untrustworthy link or unwittingly opens an email attachment loaded with a malicious payload.

History of Keyloggers

The history of keyloggers predates the invention of modern computers. The earliest record of hardware-based keylogging dates to the 1970s, when Soviet agents discovered a way to physically bug the Selectric II and Selectric III electronic typewriters used by US diplomats stationed in Moscow.

Interestingly, as typewriters are immune to software-based attacks, Russian special services continue to source and use large numbers of antique typewriters in an attempt to keep their communications secure.

While keylogging began in the 1970s, it experienced a significant boom in the 1990s when numerous commercial software keyloggers appeared on the market. In recent years, malicious keyloggers have frequently appeared bundled together with other malware as part of larger coordinated attacks that can include ransomware and botnet elements, sometimes orchestrated by sophisticated groups of organized criminals.
