A keylogger is malware that “logs” or records your keystrokes or other activities on your machine. When you type in your user name and password to a website, the keystrokes are recorded, the information is saved, and these are made available to the hacker who put the keylogger on your computer. Keylogger programs can even take screen captures as you click your mouse, rendering many (if not most) attempts at bypassing keyloggers ineffective.
Keyloggers can work several different ways. They may:
* Send each keystroke immediately to some remote listener over the internet.
* Collect each keystroke in a temporary file, and then periodically upload that file to the author’s location over the internet.
* Collect each keystroke in a temporary file, much like a spam bot, and then listen for and receive instructions from the author. In other words, the logger could upload the collected information when requested.
The collected keystrokes may never be uploaded. Instead, if someone has remote access to your machine, or even worse, physical access to your machine, they could simply come by and copy the keylogged information manually.
Finally, keylogged information may not even be kept on your machine. There are hardware keyloggers that include a little flash memory that can be quickly inserted in between keyboard and computer to capture all the data. Some time after installing the keylogger, the person behind it picks up the device containing all your information.
Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored. Data can then be retrieved by the person operating the logging program. A keystroke recorder or keylogger can be either software or hardware.
While the programs themselves are legal, with many designed to allow employers to oversee the use of their computers, keyloggers are most often used for stealing passwords and other confidential information.
Keylogging can also be used to study keystroke dynamics or human-computer interaction. Numerous keylogging methods exist, ranging from hardware and software-based approaches to acoustic cryptanalysis.