How can I tell if a keylogger has been installed on my computer and smartphone?
This question was answered on June 7, 2018. Much of the information contained herein may have changed since posting.
Keyloggers are programs used to silently record keystrokes that can be part of a parental control program or as a nefarious program used by remote hackers to steal information.
Detecting keyloggers can range from being very easy to very difficult depending upon how and what was installed.
Methods Of Infection
Keyloggers can be installed through random infections or through direct access to your device.
If you don’t keep your security software, operating system and utilities up-to-date, random exploits from a wide variety of sources on the Internet can allow a keylogger to be installed.
If someone gains access to your unlocked device, it’s the easiest way to install any number of programs that can record your keystrokes and capture screenshots.
Basic Detection Methods
When commercial programs are used, such as parental controls, they are often detectable by searching through the installed apps or programs on the device. If found, the removal of the tracking program is generally all that’s needed to ensure that no keystrokes will be recorded from then on.
If you do find such a program, you may want to look at any logs that have been created before you remove the program so you’ll know what information has been gathered by it.
Another simple thing to check is for a small hardware device connected between the end of the keyboard cable and the keyboard input on the computer.
If your computer seems to lag when you are typing things, it could be an indication of a keylogger, although many other scenarios can contribute to this symptom as well. In any case, determining why your computer is lagging is a good idea.
Advanced Detection Methods
If you’re technically inclined with Windows, you can examine running processes via the Task Manager to search for extra instances of ‘winlogon.exe’ or other unusual ‘.exe’ processes that are running. You’ll also want to check all the startup entries for anything unusual.
Advanced Mac users can use the Activity Monitor in Utilities to examine running processes for anything suspicious looking as well.
You’ll also want to check your security software to make sure that a strange program has not been added to the ‘exceptions’ list in your program’s settings.
Software Protection Programs
There are a number of programs designed to either prevent or detect keyloggers from infecting your device. Start by checking your existing security program for keylogger protection features and make sure they are up-to-date. If not, options such as MalwareBytes Anti-Rootkit tool (Windows - https://goo.gl/i2wyGX) or Chkrootkit ( Mac - http://chkrootkit.org) can be used to search your system for signs of suspicious programs.
Installing keyloggers on smartphones is most likely to happen when someone is able to gain access to an unlocked device and physically install a program, so make sure you have a lock code setup and lock your phone whenever you aren’t using it.
Unless you’ve been infected by a state sponsored hacker, resetting a smartphone to factory defaults will wipe everything out and allow you to start over with a clean device.
About the author
Posted by Ken Colburn of Data Doctors on June 7, 2018