BIS Project

This report discusses keylogger software, highlighting its dual nature as both a legitimate tool for monitoring and a significant threat for malicious activities like identity theft. It covers various types of keyloggers, their detection and prevention methods, and ethical considerations surrounding their use. Additionally, a Python script for detecting keyloggers is provided, demonstrating real-time monitoring capabilities.

Uploaded by

kariyasneha

➢ Abstract

This report focuses on Keylogger software, a significant threat in the
field of Information Security. A keylogger is a type of surveillance
technology used to monitor and record every keystroke on a device.
While it can be legally used for purposes such as employee monitoring
or parental control, it is more commonly associated with malicious
activities like identity theft, password stealing, and unauthorized data
access.

The report covers the different types of keyloggers, including
software-based, hardware-based, kernel-level, and browser-based variants. It
explains how keyloggers operate, the risks they pose to confidentiality
and privacy, and how they can be detected and prevented using
modern security tools.

In the context of Basics of Information Security (BIS), understanding
keyloggers is essential to building effective defense mechanisms and
promoting safe digital practices. This report also touches on ethical and
legal considerations related to the use of keylogging software.

➢ Introduction

In the digital age, information security is more important than ever.
One of the most common and dangerous threats to data privacy is a
type of malicious software called a Keylogger.

A Keylogger (short for keystroke logger) is a tool that records every key
you press on your keyboard. While some keyloggers are used for
legitimate purposes like parental control or IT troubleshooting, many
are used for illegal spying and data theft.

Cybercriminals use keyloggers to secretly collect sensitive information
such as:

• Passwords
• Credit card numbers
• Personal messages
• Banking details

Once this information is captured, it can be misused to gain
unauthorized access to systems, steal money, or commit identity theft.

Understanding how keyloggers work, how they are installed, and how
to prevent them is a critical part of learning Basics of Information
Security (BIS).

➢ Purpose of a Keylogger

• Legitimate Uses:
  o Parental control and employee monitoring (with consent)
  o IT troubleshooting
  o Law enforcement investigations
• Malicious Uses:
  o Stealing login credentials
  o Monitoring chats or emails secretly
  o Identity theft
  o Unauthorized surveillance

➢ Detection and Prevention

Detection Tools:

• Antivirus/Antispyware software (e.g., Malwarebytes, Norton)
• Unusual CPU or process activity
• Keylogger-specific detectors (e.g., SpyShelter)

Prevention Tips:

• Regularly update software and OS
• Use on-screen keyboard for sensitive input
• Install only trusted programs
• Monitor outgoing traffic
• Use anti-keylogger software and firewalls

➢ Types of Keyloggers

1. Software-Based Keyloggers
These are applications installed on a device to capture keystrokes.

Kernel-based: Works at the OS kernel level, difficult to detect.

API-based: Uses system APIs to intercept keystrokes.

Form grabbers: Capture data entered into web forms before it is encrypted.

Clipboard loggers: Monitor data copied and pasted.

2. Hardware-Based Keyloggers
Physical devices attached between a keyboard and the computer, or
embedded inside the keyboard.

Sub-types:

Keyboard hardware keylogger: Installed in line with the keyboard connection.

Wireless keylogger sniffers: Intercept wireless keyboard signals.

Firmware-based: Pre-installed into hardware firmware (like BIOS).


Legitimate Uses of Keyloggers

Parental Monitoring – To supervise children's computer usage.

Employee Monitoring – Ensuring productivity and data protection in corporate settings.

IT Troubleshooting – Tracking user input to identify software errors.

Law Enforcement – Used in criminal investigations under legal authorization.

Malicious Uses of Keyloggers

Identity Theft – Stealing usernames, passwords, and sensitive data.

Corporate Espionage – Spying on companies for competitive advantage.

Banking Fraud – Capturing online banking credentials.

Advantages of Keyloggers

Surveillance and monitoring: Helps ensure compliance and security.

Data backup: Recover lost text due to software crashes.

Parental control: Helps parents monitor children’s online beha

Performance analysis: Can track how efficiently employees work.


Disadvantages of Keyloggers

Invasion of privacy: It can breach the user's personal space.

Legal issues: Unauthorized use is illegal and punishable in many jurisdictions.

Security risks: Can be exploited by hackers to steal confidential data.

System performance: Some keyloggers can slow down system performance or cause instability.

Detection and Prevention

Use reputable antivirus and anti-spyware tools.

Install firewalls to detect unknown outbound data transfers.

Keep software and OS updated.

Avoid downloading attachments or clicking links from unknown sources.

Use on-screen keyboards for sensitive logins.


➢ Keylogger Detection - Code Explanation

This Python script is a basic keylogger detector that performs two main
security monitoring tasks:

1. Detects suspicious processes running in the system.
2. Monitors typed keystrokes for sensitive or suspicious keywords
   like keylogger, spy, and sniffer.

Modules Used

• psutil: For accessing system process information (e.g., names, PIDs).
• pynput: To monitor and capture real-time keyboard input.
• threading: For running multiple tasks simultaneously (multithreading).
• time: For creating time-based delays between tasks.

1. Suspicious Keyword and Whitelist Setup

suspicious_keywords = ["keylogger", "spy", "sniffer"]
whitelist = ["HidMonitorSvc.exe"]

• These keywords are checked against running process names and
  typed characters.
• Whitelisted processes are ignored even if they contain suspicious
  words.

2. Check Running Processes for Suspicious Activity

def check_processes():
...

• Scans all running system processes using psutil.
• If a process name matches a suspicious keyword (and isn't
  whitelisted), a warning is printed.
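
The process check described above trusts the process name alone, so any binary that carries a whitelisted name is skipped. The following is an added example, not part of the original report's script: it pins each whitelist entry to an expected executable path and downgrades plain keyword hits to "review". The install path for HidMonitorSvc.exe and all sample process records are constructed assumptions.

```python
from pathlib import PureWindowsPath

SUSPICIOUS_KEYWORDS = ["keylogger", "spy", "sniffer"]

# Assumed install path for the whitelisted service (constructed for this example).
TRUSTED = {"hidmonitorsvc.exe": r"C:\Windows\System32\HidMonitorSvc.exe"}


def classify(proc):
    """Return (verdict, reason) for one process record with 'name' and 'exe' keys."""
    name = (proc.get("name") or "").lower()
    exe = proc.get("exe") or ""
    if not name:
        return ("unknown", "no process name available")
    if name in TRUSTED:
        # PureWindowsPath compares case-insensitively, as Windows paths do.
        if exe and PureWindowsPath(exe) == PureWindowsPath(TRUSTED[name]):
            return ("trusted", "whitelisted name at expected path")
        return ("alert", f"whitelisted name at unexpected path: {exe or 'unknown'}")
    hits = [kw for kw in SUSPICIOUS_KEYWORDS if kw in name]
    if hits:
        # A substring hit is only a lead: benign tools can contain "spy".
        return ("review", "name contains: " + ", ".join(hits))
    return ("ok", "")


def scan(procs):
    """Return findings that need attention as (pid, name, verdict, reason)."""
    findings = []
    for p in procs:
        verdict, reason = classify(p)
        if verdict in ("alert", "review"):
            findings.append((p.get("pid"), p.get("name"), verdict, reason))
    return findings


# Constructed sample records, shaped like psutil's proc.info for
# process_iter(['pid', 'name', 'exe']).
SAMPLE = [
    {"pid": 612, "name": "HidMonitorSvc.exe", "exe": r"C:\Windows\System32\HidMonitorSvc.exe"},
    {"pid": 4120, "name": "HidMonitorSvc.exe", "exe": r"C:\Users\Public\HidMonitorSvc.exe"},
    {"pid": 5200, "name": "spyder.exe", "exe": r"C:\Tools\Spyder\spyder.exe"},
    {"pid": 5312, "name": None, "exe": None},
    {"pid": 5400, "name": "notepad.exe", "exe": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

On a live system the same records can be taken from `proc.info` when iterating `psutil.process_iter(['pid', 'name', 'exe'])`.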

3. Capture and Monitor Keyboard Input

def on_press(key):
...

• Tracks every key pressed.
• Stores typed characters in a buffer of the last 50 characters.
• Checks the typed text for any suspicious keywords and alerts if
  found.

Example Output:

[!] Suspicious keyword typed: 'keylogger'
[KEY] k

4. Reset Detected Keyword List Periodically

def reset_detection():
...

• Clears the detected_keywords set every 15 seconds.
• Prevents repeated warnings for the same keyword unless it’s
  typed again later.

5. Exit on Escape Key Press

def on_release(key):
...

• Exits the program gracefully when the Escape (ESC) key is pressed.

6. Monitoring Loops in Threads

def monitor_system():
...
def monitor_keyboard():
...

• Runs the process checker and keyboard listener in separate
  threads.
• Allows real-time parallel monitoring of both activities.

➢ Code

import psutil
from pynput.keyboard import Listener, Key
import threading
import time

# List of suspicious keywords
suspicious_keywords = ["keylogger", "spy", "sniffer"]

# Optional whitelist (skip these even if they match keywords)
whitelist = ["HidMonitorSvc.exe"]

# Buffer for typed characters
typed_chars = []

# Already detected keywords (to prevent repeated warnings)
detected_keywords = set()


# Function to check for suspicious processes
def check_processes():
    for proc in psutil.process_iter(['pid', 'name']):
        # psutil can report None when the process name is not readable
        proc_name = proc.info['name'] or ""
        if proc_name in whitelist:
            continue
        for keyword in suspicious_keywords:
            if keyword.lower() in proc_name.lower():
                print(f"[!] Suspicious process detected: {proc_name} "
                      f"(PID: {proc.info['pid']})")


# Keyboard press handler
def on_press(key):
    global typed_chars, detected_keywords
    try:
        # Special keys have no .char (or .char is None); both raise AttributeError here
        char = key.char.lower()
        typed_chars.append(char)

        # Limit buffer to last 50 characters
        if len(typed_chars) > 50:
            typed_chars.pop(0)

        # Check for new suspicious keywords
        typed_str = ''.join(typed_chars)
        for keyword in suspicious_keywords:
            if keyword in typed_str and keyword not in detected_keywords:
                print(f"[!] Suspicious keyword typed: '{keyword}'")
                detected_keywords.add(keyword)

        print(f"[KEY] {key.char}")
    except AttributeError:
        print(f"[KEY] {key}")


# Reset detection set if a long gap of unrelated typing happens
def reset_detection():
    global detected_keywords
    while True:
        time.sleep(15)
        detected_keywords.clear()


# Keyboard release handler
def on_release(key):
    if key == Key.esc:
        print("[INFO] ESC pressed. Exiting...")
        return False  # Stop listener


# Process monitoring loop
def monitor_system():
    while True:
        check_processes()
        time.sleep(10)


# Keyboard monitoring loop
def monitor_keyboard():
    with Listener(on_press=on_press, on_release=on_release) as listener:
        listener.join()


# Start all threads
if __name__ == "__main__":
    print("[INFO] Starting Keylogger Detector with Keystroke Watch...")

    # The two endless loops run as daemon threads so the program
    # actually exits once ESC stops the keyboard listener.
    system_thread = threading.Thread(target=monitor_system, daemon=True)
    keyboard_thread = threading.Thread(target=monitor_keyboard)
    reset_thread = threading.Thread(target=reset_detection, daemon=True)

    system_thread.start()
    keyboard_thread.start()
    reset_thread.start()

➢ Output

➢ Conclusion

This program acts as a basic but effective Keylogger Detection Tool. It
is useful in Information Security education for understanding how
malicious activity can be detected using Python scripting. While not a
replacement for commercial anti-spyware, it demonstrates:

• Real-time system process scanning
• Keystroke monitoring
• Use of multithreading for continuous protection
