How to Check to See if You Are Being Keylogged

By Clare Edwards

Keyloggers can record every keystroke you make.
i Images

Keyloggers record keystrokes as someone types on a computer or a mobile device. Most keyloggers are software-based. Hardware keyloggers also exist but are less common. Some keyloggers leave tell-tale signs of their presence on a system, but newer types can be very hard to detect. Signs that you're being keylogged may include repeated hacking of your email or other password-protected accounts. Anti-malware applications can help you uncover and remove keylogger programs.

Hardware Keyloggers

Hardware keyloggers use physical data storage to record keystrokes. Inline keyloggers are connected between the computer and the keyboard, where they can easily be mistaken for part of the normal cabling. More discreet units include small devices that can be hidden inside the keyboard; the keyboard itself may be manufactured to include keylogging hardware. Data sniffers -- devices that pick up packets of wireless data -- can be used to log keystrokes from wireless keyboards. To read the data, a hardware keylogger may need to be connected to another computer. Some devices can transmit data wirelessly.

Software and Firmware Keyloggers

Software keyloggers are small utilities that run in the background of a computer system and record keystrokes. Legitimate keylogger software is installed like any other application. Keyloggers may also be installed as part of the payload of a Trojan horse and a computer's BIOS can be also altered to record keystrokes. Keylogger programs can be installed on the firmware found in peripherals, such as some more advanced keyboards. It is very difficult to remove firmware keyloggers; in the case of keyboards, it may be necessary to replace the entire device.

Keylogger Symptoms

Occasionally, a keylogger may cause your computer to behave strangely. You may see previously entered text appear on the screen in reverse order. Unusual icons and unfamiliar processes can also be a sign of a keylogger. If network lights or drive lights blink while you type and not at other times, this could be a sign that your keystrokes are being recorded. More commonly, keylogger activity is concealed. The only sign may be repeated unauthorized access to password-protected accounts.

Checking for Hardware Keyloggers

Hardware keyloggers can't be detected by virus checkers. Check your cabling for new or unusual elements, especially connected between the keyboard port at the back of your computer and the keyboard's cable. Newer hardware keyloggers can also be attached to USB ports. Check your keyboard's case for signs of tampering. If you didn't purchase the keyboard yourself, note the make and serial number and perform a Web search for these. If your keyboard's model number belongs to a keystroke logging model or if it appears to have been tampered with, replace your keyboard.

Checking For Software Keyloggers

Less sophisticated keyloggers may be revealed by opening the Windows Task Manager or running utilities such as Process Monitor. More advanced keystroke logging malware will be concealed from these. Running an anti-malware utility designed specifically to detect Trojans and spyware may be the only way to detect keylogger programs, as these are not always picked up by standard anti-virus software.