Malicious keylogger programs have become a prominent issue on the Internet and serve as a prime example of online theft. It can be said that those who steal intellectual property or user information are fueling the raging fire of keyloggers.
According to a recent report by iDefense, the number of keylogger programs has surged significantly this year. This is part of a wave of multifunctional malware that incorporates keylogging capabilities. Moreover, such software today is capable of evading antivirus and malicious software detection tools, making it extremely difficult to identify them.
By the end of this year, there will be at least 6,000 malicious keylogger programs distributed. This figure has increased by more than 2,000% compared to five years ago.
In fact, keyloggers have been around for many years and were also distributed as completely legal applications, serving as monitoring tools for individuals such as parents who want to oversee their children’s Internet access.
At times, security companies face significant challenges with commercial keylogger developers. Recently, the anti-spyware software company Sunbelt Software nearly faced a lawsuit from the British company RetroCoder for listing their SpyMon keylogger software in Sunbelt’s list of dangerous software. The end-user license agreement of SpyMon prohibits any antivirus and anti-spyware software companies from using or analyzing RetroCoder’s keylogger software.
Meanwhile, security firms have successfully developed signatures to help prevent malicious keylogger software from being installed on users’ computers. However, new programs with special signatures sourced from websites that allow the downloading of harmful code still emerge. In some cases, this harmful code is even sold to enable others to create various dangerous software variants.
Keyloggers are particularly prevalent in countries where online banking fraud is a significant issue, such as Brazil. Moreover, keyloggers are often bundled with certain trojans like Banker or PWSteal—trojans designed to spread keyloggers by prompting users to click on a link on a website.
Overall, keyloggers have nearly become a plague on the Internet today.
