What is keylogging?

Written by Michael Feder

Reviewed by Kathryn Uhles, MIS, MSP, Dean, College of Business and IT

A keylogger is a program that monitors device activity by recording every key that is pressed and then saves that data to a file. This type of program can be used as an effective security measure, as well as a malicious threat if it's in the wrong hands. Let’s discuss more about this cyberthreat, including different types, potential dangers and what to do to help protect devices.
The uses and risks of keylogging
Keylogging can be used for legitimate purposes. For example, high-security employers might use keystroke recording programs to monitor employee activity around sensitive files. In other cases, organizations might use a keylogger to decrease the risk of data theft.
When used illegally or without the user’s knowledge, a keylogger is a form of spyware. These covert programs maliciously monitor a user’s activity to steal personal information, including payment details, passwords and login credentials.
What are the different types of malicious keylogging?
Some of these malware programs live online; others live directly in hardware and are installed and removed by a hacker. Despite the differences, all malicious keyloggers share a common element — they can observe, track and report on activity without the device user knowing about it.
API
API keyloggers work by monitoring keystrokes from application programming interfaces (APIs). An API keylogger basically creates a communication link between two computers. The API allows the devices to “speak” with each other, which lets a hacker’s device receive all keystrokes recorded from the user’s device.
Form-grabbing
A form-grabbing keylogger is primarily used to record data entered into online web forms. Whenever users enter their personal information into a website’s form, the program records the data.
Form-grabbing spyware often doesn’t exist on a user’s device. Instead, it is typically hidden inside a website’s code. When a user visits the unsecured website, the form-grabbing program records keystrokes and delivers the information to the hacker who implemented the malicious code.
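A site owner can check which scripts share a page with sensitive form fields, since any script on that page can read what is typed into them. The following is an added example, not part of the original article: the allowlist, the field-name hints and the sample page are assumptions made for illustration, and inline scripts are not examined.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page; every host name here is a made-up placeholder.
SAMPLE_PAGE = """
<form action="/pay" method="post">
  <input type="text" name="card_number">
  <input type="password" name="account_password">
</form>
<script src="https://shop.example/static/app.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://cdn.unknown-widgets.example/t.js"></script>
"""

SENSITIVE_TYPES = {"password", "email", "tel"}
SENSITIVE_NAME_HINTS = ("card", "cvv", "ssn")  # assumed naming conventions


class FormScriptAudit(HTMLParser):
    """Collects sensitive form inputs and external scripts found on a page."""

    def __init__(self):
        super().__init__()
        self.sensitive_inputs = []
        self.scripts = []  # (host, has_integrity_attribute)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "input":
            name = a.get("name", "").lower()
            if (a.get("type", "").lower() in SENSITIVE_TYPES
                    or any(hint in name for hint in SENSITIVE_NAME_HINTS)):
                self.sensitive_inputs.append(name)
        elif tag == "script" and a.get("src"):
            host = urlparse(a["src"]).hostname or ""  # "" means same-origin path
            self.scripts.append((host, "integrity" in a))


def audit(html, allowed_hosts):
    """Return (host, reason) for scripts that share a page with sensitive fields."""
    page = FormScriptAudit()
    page.feed(html)
    if not page.sensitive_inputs:
        return []  # no sensitive fields detected on this page
    findings = []
    for host, has_integrity in page.scripts:
        if host and host not in allowed_hosts:
            findings.append((host, "host not on allowlist"))
        elif host and not has_integrity:
            findings.append((host, "no integrity attribute"))
    return findings
```

Calling `audit(SAMPLE_PAGE, {"shop.example"})` reports only the unapproved third-party host; a reported script is a candidate for review, not proof of a form grabber.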
Kernel-based
Kernel-based keylogging programs work in multiple stages. First, the program will achieve root access — the authority in a device to carry out any command or access any file on the device’s hard drive. With this, a kernel-based program will begin tracking a user’s keystrokes.
These programs remain hidden while extracting information. Even when running, they often don’t appear in the device’s task manager application. They’re also difficult to find and remove since they appear to have full, administrator-level permissions.
Hardware
A hardware keylogger is a physical device capable of tracking a user’s keystrokes. Sometimes it looks like a camera that can visually register keystrokes. In other cases, it might be built into the keyboard or connected to the computer via USB.
This rigged hardware begins work soon after it is connected to a computer. Tracked keystrokes are saved to a device, often without the user knowing. To retrieve the saved keystroke files, the hacker usually has to retrieve the hardware from the computer. Although this isn’t common, it is important to be aware of.
Acoustic
An acoustic keylogger program records the sound that each key makes when pressed. Since each key makes a slightly distinct sound, it can track which key is pressed based on the noise it makes.
After acquiring the sound files of the keys, hackers will then translate the sounds to identify which keys a user has pressed. Acoustic keylogging programs are used less often than other forms since the sounds recorded are sometimes muffled or inaccurate.
What are the dangers of keylogging?
Keyloggers can be dangerous when used by cybercriminals. If the program is not identified and eliminated, a hacker can steal a lot of sensitive information. While keystroke logging spyware won’t negatively affect the state of a hard drive, it can easily steal and exploit data before a user knows what’s happening.
Identity theft
Cybercriminals with access to a user’s keystrokes also have access to sensitive information, including passwords and bank details. Armed with this information, they can steal a person’s identity, which can result in financial loss, compromised Social Security accounts and emotional stress.
Fraud
Keylogger-based fraud can affect a person’s identity, finances and even friends and family members. Some hackers use a person’s keystrokes to send messages to the victim’s personal contacts, often as part of a phishing scam. Other hackers use saved social media passwords to impersonate the victim and create fraudulent posts. With the right bank information, some scammers might go straight for finances.
Cyberstalking
Cybercriminals can also mine information from keystrokes, which results in cyberstalking — when cybercriminals use the internet to harass, intimidate or bully others. An estimated 40% of Americans have experienced some form of online harassment.
Cyberstalking can often begin through an email or a message that feels harmless. The conversation quickly becomes less friendly, though, as cybercriminals continually contact a person even after the individual has asked for interactions to stop. Some cybercriminals will contact the same person through multiple accounts.
How to protect your devices from malicious keylogging
It’s important to give devices the best chance possible against these malicious programs. This means following the best preventive practices:
- Keep all antivirus and anti-malware software up to date.
- Same goes for any device. When your protection programs release a new update, take the time to upgrade and eliminate any potential vulnerabilities.
- Stay away from suspicious emails or email attachments. These emails and attachments might contain keylogger programs, sent from cybercriminals who want access to keystrokes.
- Store important files in the cloud and regularly back up files to a secure location.
- Update firewalls that regularly block such programs and hackers.
How do you remove a keylogger from a device?
If a malicious program is identified on a device, remove the program as quickly as possible. This is critical to do before it begins sending your information to one or more cybercriminals.
Start by checking for antivirus or anti-malware software when removing a malicious program. Run the device's protection program to determine if it is infected with any spyware. Only use trusted sources to download an anti-malware program since some spyware can hide within malicious programs posing as legitimate security programs.
Make sure to uninstall or delete any untrusted programs the security program finds. Hardware — including your affected hard drive — may also need to be removed to fully eradicate the infection.
Exercise caution while completing any of the above steps. These programs can easily hide within other programs and may still be present even if they seem to be fully removed. If necessary, consult an IT expert for advice while attempting to remove a keylogger.
What are the benefits of keylogging?
Tracking and recording keystrokes isn’t always a bad thing. In some cases, it can be used to create transparency and healthy levels of accountability.
Here are some of the benefits of proper keylogging:
- Monitoring daily commitments — The amount of time spent on a device’s application can be tracked to ensure time is managed properly.
- Reducing theft risks — Corruption can be caught at the source, minimizing the risk that an employee will steal company property.
- Controlling internet activity — Parents or guardians can monitor their child’s internet browsing habits. Employers can also block access to sites that might waste their employees’ time.
- Creating productivity insight — Some of these programs can create reports based on device user habits to help employers make decisions based on where time was spent during a day, week or month.
When used in a business environment, many employers choose to notify their employees that keystroke tracking is in use so they are aware of the tracking programs in place.
How can keylogging knowledge be used in a career?
Keylogging skills can be used in several ways in various careers. These include cybersecurity, or information technology, particularly in a role that oversees employee security or productivity.
You’ll likely need to obtain a degree in technology for either of these positions. Many aspiring cybersecurity and IT professionals pursue a degree in cybersecurity to improve skills in risk management, cloud security, systems administration and other fields.
Learn about keylogging and more in a cybersecurity program
Whether you’re seeking to gain a basic understanding of IT, or specialize in areas of cybersecurity like keylogging, malvertising, and other cyberthreats, University of Phoenix offers online courses, certificates and degrees that include:
- Associate of Science in Cybersecurity
- Bachelor of Science in Cybersecurity
- Bachelor of Science in Information Technology
- CYB/110 Foundations of Security course
- Certified Ethical Hacker Course Collection
- Computer Hacking Forensics Investigator Course Collection
Contact University of Phoenix for more information.

ABOUT THE AUTHOR
A graduate of Johns Hopkins University and its Writing Seminars program and winner of the Stephen A. Dixon Literary Prize, Michael Feder brings an eye for detail and a passion for research to every article he writes. His academic and professional background includes experience in marketing, content development, script writing and SEO. Today, he works as a multimedia specialist at University of Phoenix where he covers a variety of topics ranging from healthcare to IT.

ABOUT THE REVIEWER
Currently Dean of the College of Business and Information Technology, Kathryn Uhles has served University of Phoenix in a variety of roles since 2006. Prior to joining University of Phoenix, Kathryn taught fifth grade to underprivileged youth in Phoenix.
This article has been vetted by University of Phoenix's editorial advisory committee.