Mac OS

Latest world news: November 13th, 2017 - Keylogger was found in the Mantistek keyboards RSS Feed

Top keyloggers
View more...


Keylogger is a hardware device or a software program (or a module), capable of recording (logging) the keys pressed on a keyboard.


Software keylogger can also be called

  • keylogger
  • key logger
  • keystroke logger
  • key recorder
  • key trapper
  • key capture program
  • key snooper

Hardware keyloggers are often called "keystroke recording devices".

Types of keyloggers.

There are hardware and software keyloggers.

Software keyloggers belong to the group of software products which are used for control over PC use. Initially, software products of this type were designed solely for recording information about the keys pressed (including the system keys), into a dedicated log-file (link will open in a new tab), to be later analyzed by the person who installed the program. The log-file could be sent over the network to a network drive, to an FTP server in the Internet, by Email, etc. Currently, these software products that kept their "old-fashioned" name, perform many additional functions – they capture information from the windows, capture mouse clicks, intercept contents of the clipboard, make snapshots of the screen and active windows, record everything received and sent by Email, monitor file activity , monitor the registry, monitor the printer queue, intercept sound from the microphone and video images from the Web camera connected to the computer, etc., i.e. they actually belong to a totally different class of software – they actually are monitoring software products.

Hardware keyloggers are miniature devices that can be installed between the keyboard and the computer, or integrated into the keyboard itself. They record every keystroke made on the keyboard. The process of capturing is completely transparent for the end user. Hardware keyloggers do not require installation of any software in order to successfully capture all keystrokes. A hardware keylogger can be attached to a computer, no matter whether the computer is on or off. Its running time is not limited, as it does not require a power source for its operation. The volume of its internal non-volatile data allows to record up to 20 million of keystrokes, with Unicode support. These devices can be made in any shape, so that even an expert cannot sometimes identify their presence during information audit. Depending on the place of their installation hardware keyloggers are divided into external and internal ones.

Log files

As has been already mentioned, keyloggers, as a rule, store the information they collect in log-files, which can be located in such places as:

  • Hard Drive
  • Memory
  • Registry
  • shared network drive
  • a remote server

In addition, many keyloggers are able to remotely send log-files via:

  • email
  • FTP
  • http (https)
  • Any type of wireless communication (radio frequency range, infrared, Bluetooth, WiFi, etc.)

Methods and purposes of keyloggers' use

Similarly to many software products, use of keyloggers can be authorized and unauthorized. Moreover, only the method of keyloggers application (including hardware and software products, which include a keylogger as a module) allows to see the distinction between security management and security violation. To learn more about the differences between authorized and unauthorized use of keyloggers, read our article "The difference between monitoring and spyware. Objectives of use and methods of protection" here.

Inclusion of anti-virus into signature databases

Depending on whether a particular keylogger has been included into anti-virus signature databases, keyloggers are divided into the known and unknown.

Signatures of known keyloggers are already included into signature databases kept by major anti-spyware and/or anti-virus software vendors.

Signatures of unknown keyloggers are not included into signature databases kept by major anti-spyware and/or anti-virus software vendors. What is more, they probably will never be included into these databases for various reasons. Here are some examples of such keyloggers:

  • keylogging programs (or modules), developed by (or for) government organizations;
  • keylogging programs (or modules), that may be created by developers of a proprietary operating system and deliberately included into the OS kernel;
  • keyloggers developed in limited numbers (often in one or several copies) for a particular task, related to related to stealing sensitive information from a particular user’s computer (for example, software products used by professional hackers). These spy software programs (link will open in a new tab) can be keyloggers with a little bit changed source code, taken from the Internet and compiled by the attacker, so that the keyloggers signature is changed;
  • commercial monitoring software products, especially those built-in into corporate software as modules, are rarely included into signature bases of software from major anti-spyware and/or anti-virus software vendors. It results in the following: if hackers publish a fully functional version of a commercial monitoring software product in the Internet, it can be turned into a spy software product that cannot be detected by antispyware and/or anti-virus software products;
  • keylogging modules comprised in malicious programs. Until information about these modules is included into signature bases, they are unknown. For example, some worldwide-known viruses caused much trouble last years had a module for keystroke capturing and sending the stolen information via the Internet.
IMPORTANT! Installing computer monitoring tools on computers you do not own or do not have permission to monitor may violate local, state or federal law.