Beware of Keyloggers? Understanding the Infection Paths and Countermeasures for Spreading Malware

Recently, keyloggers, a type of malware that records mouse and keyboard input in order to steal information, have become prevalent.
Since they can infect not only personal computers but also those used within companies, IT personnel must pay closer attention to security measures.
This article therefore explains the infection paths of keylogger malware and the countermeasures against it. Please use it as a reference.
Table of Contents
- What is a Keylogger?
- Types of Keyloggers Recognized as Malware
  - Software Keyloggers
  - Hardware Keyloggers
- Main Infection/Entry Paths of Keyloggers
  - Email, Website Browsing, and Software Installation
  - Connecting Keyloggers to Computers and Peripherals
- Damage Caused by Malware Using Keyloggers
  - Unauthorized Access
  - Unauthorized Money Transfers and Personal Information Leaks
  - Damage Combining Malware
- Keylogger Detection and Discovery Methods
  - Detection and Discovery Methods for Software Keyloggers
  - Detection and Discovery Methods for Hardware Keyloggers
- What to Do When Infected with Malware by a Keylogger
- Preventive Measures Against Malware Infection by Keyloggers
  - Implementation of Security Software
  - Check Terminals and Peripherals
  - Do Not Open Suspicious Sites/Links
  - Use a Security Keyboard
  - Use Password Management Tools and Input Encryption Tools
- Summary
1. What is a Keylogger?
A keylogger is software that records (logs) mouse clicks and keyboard operations. Records of mouse and keyboard activity can be useful for program debugging and data backup.
However, keyloggers have now become widespread as malware that uses this log information to steal personal information, including IDs and passwords. Unlike with viruses, abnormal behavior is difficult to notice, which is why keylogger damage is increasing.
2. Types of Keyloggers Recognized as Malware
Keyloggers that are used as malware rather than for their original purpose mainly come in two types: “software type” and “hardware type.”
Each has different characteristics, so let’s look at how they differ.
2-1. Software Keyloggers
Software keyloggers are mostly spyware, such as Trojans, and are installed on devices such as computers to obtain information.
With the increasing prevalence of remote work, endpoints are increasingly managed by individuals rather than companies. This weakens security and increases the risk of infection with software keyloggers.
2-2. Hardware Keyloggers
Hardware keyloggers are connected directly to the USB port or between the computer and keyboard to obtain records of key input.
In some cases, they may be built into the keyboard, making the infection path difficult to determine. Furthermore, a characteristic of hardware keyloggers is that they are almost impossible to detect with antivirus software.
3. Main Infection/Entry Paths of Keyloggers
Keyloggers have different infection/entry paths depending on whether they are software or hardware types. Let’s look at what infection/entry paths exist.
3-1. Email, Website Browsing, and Software Installation
The infection/entry paths for software keyloggers are email, website browsing, and software installation.
For example, infection can occur when a user opens an attached file or clicks a link in a spam or phishing email. Recently, there have been increasing cases of sites disguised as genuine official websites that induce installation or download, so that the user is infected without noticing.
Other possible infection/entry paths include:
- A keylogger being installed simply by accessing a website
- Malware that has already infected the device installing a keylogger
3-2. Connecting Keyloggers to Computers and Peripherals
For hardware keyloggers, the infection/entry path is connecting to computers and peripherals. While the act of connecting itself is simple, the ability to approach the target company or computer is important.
For example, there is a method of infiltrating a company by posing as a cleaner or equipment inspection worker and connecting a keylogger to the computer. The connected keylogger can then be retrieved during subsequent cleaning or inspection, leaving no evidence.
Alternatively, there are methods of being hired as an employee to sneak in or bribing a current employee to connect the keylogger. The difficulty increases as human intervention is required for the connection process.
4. Damage Caused by Malware Using Keyloggers
What kind of damage can be caused by malware using keyloggers?
Here, let’s look at three examples of keylogger damage:
- Unauthorized access
- Unauthorized money transfers and personal information leaks
- Damage combining malware
4-1. Unauthorized Access
If the IDs and passwords required to log in to software and groupware are obtained by a keylogger, the confidential files stored in them can be stolen.
There have also been cases of unauthorized access to SNS accounts, where malicious links are sent indiscriminately to followers. Since the account itself is legitimate, other users may let their guard down and click the links, spreading malware infection.
4-2. Unauthorized Money Transfers and Personal Information Leaks
There have been cases where IDs and passwords were captured when online banking was used on a device infected with a keylogger, leading to unauthorized money transfers.
A new method involves illegally entering a residence, connecting a hardware keylogger, and later using the obtained information to make unauthorized money transfers. In addition to IDs and passwords, personal and confidential information such as documents and email content can also be stolen.
4-3. Damage Combining Malware
There have been numerous cases where various kinds of information were stolen by combining keyloggers with malware such as worms and ransomware. Among these, screen scrapers, which take a screenshot at the moment of a click, work particularly well together with keyloggers, and the damage is rapidly increasing.
For example, one keylogger countermeasure is to avoid using a physical keyboard, but this is meaningless if a screen scraper is used. The combination of a keylogger and screenshots reveals what has been entered.
5. Keylogger Detection and Discovery Methods
To confirm that you are not infected with a keylogger, you should know the detection and discovery methods. Next, we will explain the detection and discovery methods for each of the software and hardware types.
5-1. Detection and Discovery Methods for Software Keyloggers
To detect software keyloggers, it is common to use antivirus software. To further increase the detection sensitivity, it is recommended to use comprehensive security software.
Keyloggers used to be easy to detect as malware, but the number of types that are difficult to recognize, like Trojans, is increasing. Therefore, when introducing security software, be sure to check whether it is the latest version.
5-2. Detection and Discovery Methods for Hardware Keyloggers
It is difficult to detect and discover hardware keyloggers with security software. Therefore, it is appropriate to check the computer and peripherals visually.
Check the following to determine if a hardware keylogger is connected:
- Is there a suspicious device connected to the computer’s USB port?
- Is there an unnecessary device connected between the keyboard and the computer’s connection terminal?
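The visual check above can be supplemented by comparing the host's USB device list against a recorded baseline. The following is an added example, not part of the original article; it assumes a Linux host whose `lsusb` output is saved as text, and the sample lines and the `aaaa`/`bbbb` IDs are constructed. A pass-through device that never identifies itself on the bus will not appear in such a list, so the physical inspection is still required.

```python
import re
from collections import Counter

# Line format printed by the Linux `lsusb` command.
LSUSB_LINE = re.compile(
    r"^Bus (\d{3}) Device (\d{3}): ID ([0-9a-f]{4}:[0-9a-f]{4})\s*(.*)$")

def parse_lsusb(text):
    """Return a list of (usb_id, name, bus, device_number) tuples."""
    devices = []
    for line in text.splitlines():
        m = LSUSB_LINE.match(line.strip())
        if m:
            bus, dev, usb_id, name = m.groups()
            devices.append((usb_id, name.strip(), bus, dev))
    return devices

def diff_inventory(baseline_text, current_text):
    """Report what changed on the USB bus since the baseline was recorded."""
    base, cur = parse_lsusb(baseline_text), parse_lsusb(current_text)
    base_ids = Counter(d[:2] for d in base)
    cur_ids = Counter(d[:2] for d in cur)
    # Counter subtraction keeps positive counts only, so a second unit of an
    # already-known model is still reported as added.
    added = sorted((cur_ids - base_ids).elements())
    removed = sorted((base_ids - cur_ids).elements())
    # A known device on a new device number was unplugged and plugged back in.
    # Numbers restart on reboot, so compare snapshots from one boot session.
    base_pos = {d[:2]: d[2:] for d in base}
    replugged = sorted(d[:2] for d in cur
                       if d[:2] in base_pos and base_pos[d[:2]] != d[2:])
    return {"added": added, "removed": removed, "replugged": replugged}

# Constructed sample data (not real captures); aaaa/bbbb IDs are placeholders.
BASELINE = """\
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID aaaa:0001 Example Corp Keyboard
Bus 001 Device 003: ID aaaa:0002 Example Corp Mouse
"""
CURRENT = """\
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 004: ID bbbb:0010 Generic USB Hub
Bus 001 Device 005: ID aaaa:0001 Example Corp Keyboard
Bus 001 Device 003: ID aaaa:0002 Example Corp Mouse
"""

if __name__ == "__main__":
    for kind, items in diff_inventory(BASELINE, CURRENT).items():
        print(kind, items)
```

In the constructed sample, an unknown hub appears and the keyboard comes back on a new device number, which is the pattern to follow up with a physical look at the cable between the keyboard and the computer.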
6. What to Do When Infected with Malware by a Keylogger
If you discover that a computer is infected with keylogger malware, stop using it and disconnect it from the Internet. Since keyloggers only record mouse and keyboard input history, no information can be obtained if you do not touch the mouse or keyboard.
However, this may interfere with business operations, so it is effective to use security software to remove the keylogger. Also, uninstall any software that is suspected to be a keylogger.
Running software can be checked from the task manager.
- How to check the task manager on Windows: Press “Alt+Ctrl+Delete” simultaneously
- How to check the task manager on Mac: Press “Shift+command+U” simultaneously
In the case of a hardware keylogger, the problem is resolved by removing the device that is causing it, so check for suspicious devices and remove them.
7. Preventive Measures Against Malware Infection by Keyloggers
Preventive measures should be taken on a regular basis to avoid keylogger infection. The available preventive measures are summarized below, so start by implementing the ones you can.
7-1. Implementation of Security Software
The most effective measure against software keyloggers is to implement security software.
By implementing security software, you can prevent infection with malware such as viruses and worms, as well as keyloggers.
7-2. Check Terminals and Peripherals
As a hardware keylogger prevention measure, it is recommended to check the terminals and peripherals visually.
To be safe, check daily for suspicious devices on the computer’s USB port and on the connection between the keyboard and the main unit.
7-3. Do Not Open Suspicious Sites/Links
If you open websites and links carelessly, the risk of malware infection increases. Therefore, make sure never to open suspicious sites and links.
In particular, companies that leave device management to individuals should strive to improve individual internet literacy.
7-4. Use a Security Keyboard
A security keyboard, which displays the keyboard on the screen, leaves no record for the keylogger and can be used as a countermeasure.
However, as mentioned above, be aware that it is meaningless against a malware infection that is combined with a screen scraper. Since malware that can take screenshots and record screens is increasing, be careful not to place too much confidence in a security keyboard alone.
7-5. Use Password Management Tools and Input Encryption Tools
To avoid typing on the keyboard, one option is to use a password management tool that automatically enters pre-registered strings. With automatic input, no records remain on the keylogger, and the information is not read.
Also, if you use a tool that encrypts key input, the keylogger will not be able to decipher it. If you prepare such tools in advance, you should be able to deal with the situation without having your information stolen, even if you are infected with a keylogger.
Summary
This article explained the infection paths and countermeasures for malware infection by keyloggers. To avoid infection with software keyloggers, it is most effective to install reliable security software.
Combining this with daily device and peripheral checks can also help prevent hardware keyloggers. If personal and confidential information is leaked, there is a risk of damaging the company’s credibility, so please carry out operations in a safe environment with thorough countermeasures and management.
If you have any questions, please contact globalsupport@jiran.com.