What is a keylogger?
A keylogger, or keystroke logger, is a small piece of hardware or software that captures the keys struck on a keyboard. It secretly monitors what a user types, which is why attackers often use it, frequently together with trojans and spyware.
How do keyloggers work?
Keyloggers can be implemented with a couple of techniques, and they can be hardware-based or software-based.
What are software-based keyloggers?
A software-based keylogger is implemented in the following ways:
- The attacker can secretly install a malicious hypervisor that runs underneath the operating system once the computer is infected by malware (a technique known as hyperjacking). In that case, the computer effectively becomes a virtual machine, and the keylogger runs within the hypervisor.
- Once a computer is infected by malware, the malware may obtain root access and hide the keylogger at the kernel level. There the keylogger acts as a kernel device driver and records every keystroke that passes through the kernel.
- The keylogger software can hook keyboard APIs in the running application. As a result, whenever the user releases a key, the keylogger is called and records the keystroke.
- A keylogger may monitor user activity in web forms. Whenever a form is submitted, it collects whatever was typed into the form before the data is sent to the web application.
- Keyloggers may even monitor the memory tables associated with a web browser and related system functions, and collect keystrokes by altering those tables.
- The keylogger may capture the computer's network traffic and collect the data sent in HTTP POST requests. When HTTPS is used, this becomes much less likely.
What are hardware-based keyloggers?
A hardware-based keylogger is implemented using hardware. …