Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored. Data can then be retrieved by the person operating the logging program. A keystroke recorder or keylogger can be either software or hardware.
While the programs themselves are legal, with many designed to allow employers to oversee the use of their computers, keyloggers are most often used for stealing passwords and other confidential information.
A software-based keylogger is a computer program designed to record any input from the keyboard. Keyloggers are used in IT organizations to troubleshoot technical problems with computers and business networks. Families and businesspeople use keyloggers legally to monitor network usage without their users' direct knowledge. Microsoft publicly stated that Windows 10 has a built-in keylogger in its final version "to improve typing and writing services". However, malicious individuals can use keyloggers on public computers to steal passwords or credit card information. Most keyloggers are not stopped by HTTPS encryption because that only protects data in transit between computers; software-based keyloggers run on the affected user's computer, reading keyboard inputs directly as the user types.
In the mid-1970s, the Soviet Union developed and deployed a hardware keylogger targeting typewriters. Termed the "selectric bug", it measured the movements of the print head of IBM Selectric typewriters via subtle influences on the regional magnetic field caused by the rotation and movements of the print head. An early keylogger was written by Perry Kivolowitz and posted to the Usenet newsgroup net.unix-wizards, net.sources on November 17, 1983. The posting seems to be a motivating factor in restricting access to /dev/kmem on Unix systems. The user-mode program operated by locating and dumping character lists (clients) as they were assembled in the Unix kernel.
In 2000, the FBI used FlashCrest iSpy to obtain the PGP passphrase of Nicodemo Scarfo, Jr., son of mob boss Nicodemo Scarfo. Also in 2000, the FBI lured two suspected Russian cybercriminals to the US in an elaborate ruse, and captured their usernames and passwords with a keylogger that was covertly installed on a machine that they used to access their computers in Russia. The FBI then used these credentials to gain access to the suspects' computers in Russia to obtain evidence to prosecute them.
An anti-keylogger is a piece of software specifically designed to detect keyloggers on a computer, typically comparing all files in the computer against a database of keyloggers, looking for similarities which might indicate the presence of a hidden keylogger. As anti-keyloggers have been designed specifically to detect keyloggers, they have the potential to be more effective than conventional antivirus software; some antivirus software does not consider keyloggers to be malware, as under some circumstances a keylogger can be considered a legitimate piece of software.
Rebooting the computer using a Live CD or write-protected Live USB is a possible countermeasure against software keyloggers if the CD is clean of malware and the operating system contained on it is secured and fully patched so that it cannot be infected as soon as it is started. Booting a different operating system does not impact the use of a hardware or BIOS based keylogger.
Many anti-spyware applications can detect some software based keyloggers and quarantine, disable, or remove them. However, because many keylogging programs are legitimate pieces of software under some circumstances, anti-spyware often neglects to label keylogging programs as spyware or a virus. These applications can detect software-based keyloggers based on patterns in executable code, heuristics and keylogger behaviors (such as the use of hooks and certain APIs).
No software-based anti-spyware application can be 100% effective against all keyloggers. Software-based anti-spyware cannot defeat non-software keyloggers (for example, hardware keyloggers attached to keyboards will always receive keystrokes before any software-based anti-spyware application).
The particular technique that the anti-spyware application uses will influence its potential effectiveness against software keyloggers. As a general rule, anti-spyware applications with higher privileges will defeat keyloggers with lower privileges. For example, a hook-based anti-spyware application cannot defeat a kernel-based keylogger (as the keylogger will receive the keystroke messages before the anti-spyware application), but it could potentially defeat hook- and API-based keyloggers.
Network monitors (also known as reverse-firewalls) can be used to alert the user whenever an application attempts to make a network connection. This gives the user the chance to prevent the keylogger from "phoning home" with their typed information.
Using one-time passwords may prevent unauthorized access to an account which has had its login details exposed to an attacker via a keylogger, as each password is invalidated as soon as it is used. This solution may be useful for someone using a public computer. However, an attacker who has remote control over such a computer can simply wait for the victim to enter their credentials before performing unauthorized transactions on their behalf while their session is active.
Similar to on-screen keyboards, speech-to-text conversion software can also be used against keyloggers, since there are no typing or mouse movements involved. The weakest point of using voice-recognition software may be how the software sends the recognized text to target software after the user's speech has been processed.
Alternating between typing the login credentials and typing characters somewhere else in the focus window can cause a keylogger to record more information than it needs to, but this could be easily filtered out by an attacker. Similarly, a user can move their cursor using the mouse while typing, causing the logged keystrokes to be in the wrong order, e.g., by typing a password beginning with the last letter and then using the mouse to move the cursor for each subsequent letter. Lastly, someone can also use context menus to remove, cut, copy, and paste parts of the typed text without using the keyboard. An attacker who can capture only parts of a password will have a larger key space to attack if they choose to execute a brute-force attack.
These techniques assume incorrectly that keystroke logging software cannot directly monitor the clipboard, the selected text in a form, or take a screenshot every time a keystroke or mouse click occurs. They may, however, be effective against some hardware keyloggers.
Evidently hardware assisted brute force password cracking has arrived: A technique for cracking computer passwords using inexpensive off-the-shelf computer graphics hardware is causing a stir in the computer security community. Elcomsoft, a software company based in Moscow, Russia, has filed a US patent for the technique. It takes advantage of the "massively parallel processing" capabilities of a graphics processing unit (GPU) - the processor normally used to produce realistic graphics for video games. Using an $800 graphics card from nVidia called the GeForce 8800 Ultra, Elcomsoft increased the speed of its password cracking by a factor of 25, according to the company's CEO, Vladimir Katalov. The toughest passwords, including those used to log in to a Windows Vista computer, would normally take months of continuous computer processing time to crack using a computer's central processing unit (CPU). By harnessing a $150 GPU - less powerful than the nVidia 8800 card - Elcomsoft says they can be cracked in just three to five days. Less complex passwords can be retrieved in minutes, rather than hours or days.
As is common with malware building kits like this, there are multiple versions that have been cracked and disseminated. These cracks often have Trojans or backdoors added, in which case it is necessary to handle analysis even more carefully.
The latest major builder release is Warzone 2.7, which brought a Hidden Remote Desktop Protocol (HRDP) update and support for Windows® 10 Home. HRDP functionality allows the attacker to access the system at the same time as the victim without alerting them. This version has been cracked (as shown in Figure 2) and is easily found on VirusTotal.
The keylogger can be set up to continue collecting logs when the victim is not connected. This is offered as an alternative to the automatic password stealer, allowing the malware operator to attempt to catch logins not stored in the system.