What is a keylogger and how would I know if one is on my device?
A keylogger records every keystroke you make, capturing passwords and personal data; most keyloggers arrive via malware and can be detected through security software and careful monitoring of unusual device behaviour.
Last reviewed: 10 June 2026
Explanation
A keylogger is a piece of software (or in rare cases hardware) that records every key you press and sends those logs to an attacker. Because everything you type passes through it — passwords, credit card numbers, messages, search queries — a keylogger is among the most comprehensive data-theft tools.
Software keyloggers typically arrive bundled with malware from malicious downloads, phishing email attachments, or infected websites exploiting browser vulnerabilities. They operate silently in the background and may run as a process disguised with a legitimate-sounding name. Some are packaged within pirated software, games, or utilities available from unofficial sources.
Hardware keyloggers are physical devices plugged between a keyboard and a computer, or built into a malicious keyboard or USB device. These are typically used in targeted attacks in shared-access environments (offices, shared computers, hotel business centres).
Detection: reputable antivirus and anti-malware software catches most software keyloggers during scheduled scans. Signs of an active keylogger can include slightly increased CPU usage, higher than normal background data transmission, and disk activity when you're not actively doing anything. Task Manager (Windows) or Activity Monitor (Mac) can reveal suspicious processes, though well-designed keyloggers may disguise themselves.
If you suspect a keylogger, run a full malware scan, then change all your passwords from a clean device after the suspected keylogger is removed. On shared computers (libraries, hotels), never enter passwords — use your phone or a trusted personal device instead.
Common red flags
- You downloaded software from an unofficial source and notice unusual device behaviour after
- You opened an email attachment and your computer started behaving differently
- CPU or disk usage is elevated when the device appears idle
- Passwords to your accounts were used without your knowledge after you typed them on a specific device
- You used a public or shared computer to log in to sensitive accounts
What to do now
- Run a full malware scan with an up-to-date security tool (Malwarebytes, Windows Defender Offline)
- If keylogger malware is found, remove it, then change all passwords from a clean device
- Never enter passwords on public or shared computers — use your own device
- Inspect USB ports on any computer in a shared environment for physical keylogger devices
- Consider using a password manager with auto-fill — this types for you rather than using keyboard input, bypassing some keylogger designs
- Keep OS and browser updated to close the vulnerabilities keyloggers exploit
Frequently asked questions
Does a password manager protect me from keyloggers?
Partially. Password managers auto-fill credentials without keyboard strokes in many cases, which can bypass keystroke-based keyloggers. However, some advanced keyloggers capture clipboard content and form data rather than just keystrokes.
Are hardware keyloggers common?
Very rare for most consumers. They primarily appear in targeted attacks on specific individuals or in tampered shared terminals. Physical inspection of unfamiliar USB devices and keyboards in shared environments is sufficient protection.