
A Project Report on

‘KEY LOGGER’

Submitted To

SUMAN
(E13883)

Submitted By

Aryan Chhetri

(20BCA1132)

To Department of
UIC – BCA

DEPARTMENT OF COMPUTER
APPLICATIONS, UNIVERSITY INSTITUTE
OF COMPUTING,
CHANDIGARH UNIVERSITY, INDIA.

MARCH, 2023

BONAFIDE CERTIFICATE

Certified that this project report “Key logger” is the bonafide work of
“Aryan Chhetri”, who carried out the project work under my/our supervision.

Signature of the Head of the Department Signature of the Supervisor

Signature Signature

Dr. Kavita Gupta Mrs. Suman

Academic designation

UIC/BCA

Submitted for the project viva-voce examination held

Internal Examiner External Examiner

DECLARATION BY THE CANDIDATE

I hereby declare that the project report entitled “Key logger” submitted
by group members to Department of Computer Applications, University
Institute of Computing, Chandigarh University, India in partial fulfillment of
the requirement for the award of degree “Bachelor of Computer Application
(BCA)” is a major project work carried out by me under the guidance of
Mrs. Suman. I further declare that the work reported in this project has not been
submitted and will not be submitted, either in part or in full, for the award of any
other degree or diploma in this institute or any other institute or university.

Aryan Chhetri

(20BCA1132)

ACKNOWLEDGEMENT

I take immense pleasure in thanking our H.O.D. Dr. Kavita Gupta for
permitting me to carry out this minor project work. I wish to
express my deep sense of gratitude to my guide Mrs. Suman for her able
guidance and useful suggestions, which helped me in completing the
project work in time. Words are inadequate in offering my thanks for her
encouragement and cooperation in carrying out the project work. Finally,
yet importantly, I would like to express my heartfelt thanks to my beloved
parents for their blessings, and to my friends and classmates for their help and
wishes for the successful completion of this project.

Aryan Chhetri (20BCA1132)

ABSTRACT

Keylogging is the action of recording the keystrokes on a keyboard, typically in a
covert manner. Software keyloggers are detected based on their behavioral
characteristics. They don't provide root privileges; detection is based on permission
from the kernel and is prone to many attacks. A software keylogger is a software program
that can be installed onto a computer, which monitors all the user activities on the
computer. Keyloggers steal confidential information and run completely in
stealth mode. When a keylogger is installed on a computer, it is not shown either in
the start-up icons or anywhere else on the computer that is being monitored. Software
keyloggers pose a great threat to user privacy and security. Detection of
keyloggers is difficult because they run in hidden mode. Detection of software
keyloggers is done using various techniques, namely Anti-Hook techniques,
HoneyID: Spyware detection, bot detection, safe access to password protected
accounts and the dendritic cell algorithm. These algorithms are used to detect the
existence of keyloggers in a computer, which strengthens user privacy and security.

ABSTRACT (translated from Hindi)

Keylogging is the action of recording key strokes on a keyboard, usually in a
covert manner. Software keyloggers are identified based on their behavioral
characteristics. They do not provide root privileges; detection is based on permission
from the kernel and is prone to many attacks. A software keylogger is a software
program that can be installed on a computer, which monitors all user activities on
the computer. Keyloggers steal confidential information and run entirely in
stealth mode. When a keylogger is installed on a computer, it is not shown in the
start-up icons or anywhere else on the computer being monitored. Software
keyloggers have created a major threat to user privacy and security. Detecting
keyloggers is difficult because they run in hidden mode. Various techniques are used
to detect software keyloggers, namely Anti-Hook techniques, HoneyID: spyware
detection, bot detection, safe access to password-protected accounts and the
dendritic cell algorithm. These algorithms are used to detect the existence of
keyloggers in a computer, which strengthens user privacy and security.

TABLE OF CONTENTS

• Bonafide certificate
• Declaration by the Candidate
• Acknowledgement
• Abstract
• Abstract (in Hindi Language)

CHAPTER 1. INTRODUCTION
1.1. Identification of Client/ Need/ Relevant Contemporary issue
1.2. Identification of Problem
1.3. Identification of Tasks
1.4. Timeline
CHAPTER-1

INTRODUCTION

Key logging, also known as keystroke logging, may be defined as recording the keys
pressed on a system and saving them to a file, which is then accessed by the person using this
malware. A key logger can be software or hardware.

Working: Key-loggers are mainly used to steal passwords or confidential details such as
bank information. The first key-logger was invented in the 1970s and was a hardware
key-logger; the first software key-logger was developed in 1983.

1. Software key-loggers: Software key-loggers are computer programs
developed to steal passwords from the victim's computer. However, key-loggers are also
used in IT organizations to troubleshoot technical problems with computers and business
networks. Microsoft Windows 10 also has a key-logger installed in it.

• JavaScript-based key-logger – A malicious script which is installed into a web page
and listens for key presses through handlers such as onKeyUp(). These scripts can be sent
by various methods, like sharing through social media, sending as a mail file, or a RAT file.

• Form-based key-loggers – These key-loggers activate when a person fills in a
form online; when the submit button is clicked, all the data or words entered are sent via
a file on a computer. Some key-loggers work as an API in a running application: the program
looks like a simple application, and whenever a key is pressed it records it.

2. Hardware key-loggers: These do not depend on any software, as they are hardware
devices. A keyboard hardware key-logger is a circuit attached inside the keyboard itself, so that
whenever a key of that keyboard is pressed it gets recorded.

• USB keylogger – There are USB connector key-loggers which have to be connected to a
computer and steal the data. Some circuits are also built into a keyboard, so no external
wire is used or shows on the keyboard.

• Smartphone sensors – Some cool Android tricks are also used as key loggers, such as the
Android accelerometer sensor which, when placed near the keyboard, can sense the
vibrations; the resulting graph is then converted to sentences. This technique's accuracy is
about 80%. Nowadays crackers are using keystroke-logging Trojans, malware which
is sent to a victim's computer to steal data and login details.

1.1 Identification of Client/ Need / Relevant Contemporary issue

Keyloggers are tools that can record every keystroke that you type into a computer or mobile
keyboard. Because you interact with a device primarily through the keyboard, keyloggers can
record a lot of information about your activity. For example, keyloggers can track credit card
information that you enter, websites you visit and passwords you use.
Keyloggers aren’t always used for illegal purposes. Consider the following examples of legal
uses for keylogging software:

• Parents might use a keylogger to monitor a child’s screen time.

• Companies often use keylogger software as part of employee monitoring software to help
track employee productivity.

• Information technology departments can use keylogger software to troubleshoot issues on
a device.

While there are legal uses for keyloggers, malicious users commonly use keyloggers to
monitor your activity and commit cybercrimes.

• Information Captured by Keyloggers

When keyloggers run, they track every keystroke entered and save the data in a file. Hackers
can access this file later, or the keylogger software can automatically email the file to the
hacker. Some keyloggers, which are called screen recorders, can capture your full screen at
random intervals as well.

Keyloggers can recognize patterns in keystrokes to make it easier to identify sensitive
information. If a hacker is looking for password information, they can program the keylogger
to monitor for a particular keystroke, such as the at sign (@). Then, the software only notifies
them when you are likely entering password credentials alongside an email username. This
technique helps malicious users quickly identify sensitive information without needing to sift
through all your keystroke data.

• Danger of Keystroke Loggers

Unlike other forms of malware, keylogging malware doesn’t damage your computer or
operating system. The main danger of keyloggers is that malicious users can identify and
exploit your personal information. The following examples illustrate some of the risks of a
keylogger attack:

• Hackers can steal credit card information and make unauthorized purchases.

• Malicious users can log in to your email accounts and steal information or scam your
contacts.

• Hackers can log in to your bank accounts and transfer money out.

• Malicious users can access your company’s network and steal confidential information.

According to the Federal Bureau of Investigation, nearly every national security threat and
crime problem that they face includes a cyber component. A common threat that the FBI sees
across a variety of industries is a business email compromise. In this kind of attack, threat
actors send an email that looks like it’s coming from a known contact. Then, they use social
engineering and network intrusions to infiltrate companies.

One example of a business email compromise is when a criminal sends a message that appears
to come from a known vendor. The message might include an invoice with a changed mailing
address. If you don’t recognize the fraud, you could send payments to the wrong recipients.
Cybercriminals with access to your accounts from keylogger attacks can be more successful
because they can better imitate messages from vendors.

That’s why cybercriminals often use keyloggers to identify targets. By using a keylogger,
cybercriminals can understand more about their victim to help guide a sophisticated
attack. Social engineering strategies are more successful when cybercriminals use personal
and business information to gain the victim’s trust.

1.2 Identification of Problem

• Types of Keyloggers and How They Work

There are two types of keyloggers: hardware keyloggers and software keyloggers. The two
types of keyloggers differ by the way that they log a keystroke. Both types of keyloggers can
be used for malicious purposes, including credential theft and identity theft.

• Types of Keyloggers

Hardware keyloggers are physical devices that record every keystroke. Cybercriminals can
disguise them in the computer cabling or in a USB adapter, making it hard for the victim to
detect. However, because you need physical access to the device to install a hardware
keylogger, it isn’t as commonly used in cyberattacks.

Software keyloggers don’t require physical access to a device. Instead, users download
software keyloggers onto the device. A user might download a software keylogger
intentionally or inadvertently along with malware.

There are many different varieties of software keyloggers, including the following types:

• Form-grabbing keyloggers record data entered into a field. This type of keylogging
software is typically deployed on a website rather than downloaded on a victim’s
computer. A hacker might use form-grabbing keyloggers on a malicious website that
prompts victims to enter their credentials.

• JavaScript keyloggers are written in JavaScript code and injected into websites. This type
of keylogging software can run scripts to record every keystroke entered by website
visitors.

• API keyloggers use application programming interfaces running inside of applications to
record every keystroke. This type of keylogging software can record an event whenever
you press a key within the application.

• How Keyloggers Work

Keyloggers are spread in different ways, but all have the same purpose. They all record
information entered on a device and report the information to a recipient. Let’s take a look at a
few examples showing how keyloggers can spread by being installed on devices:

• Web page scripts. Hackers can insert malicious code on a web page. When you click an
infected link or visit a malicious website, the keylogger automatically downloads on your
device.

• Phishing. Hackers can use phishing emails, which are fraudulent messages designed to
look legitimate. When you click an infected link or open a malicious attachment, the
keylogger downloads on your device.

• Social engineering. Phishing is a type of social engineering, which is a strategy designed to
trick victims into divulging confidential information. Cybercriminals might pretend to be a
trusted contact to convince the recipient to open an attachment and download malware.

• Unidentified software downloaded from the internet. Malicious users can embed keyloggers in
software downloaded from the internet. Along with the software you want to download, you
unknowingly download keylogging software.

• Safe Keyloggers

Keyloggers have a reputation of criminality, but there are safe and legal uses for keyloggers.
While laws vary depending on the state or country, keyloggers are generally considered legal
if you own the device. For example, you can monitor office computers if you own the
business. Similarly, you can monitor your own computer even if other people use it. However,
you cannot monitor a family member’s computer without his or her knowledge.

Another use case for safe and legal keylogging is during ethical hacking. Ethical hacking is a
strategy where a hacker attempts to legally break into computers or networks. Organizations
might use this strategy to test their cybersecurity.

• Protecting Yourself from Keyloggers

With access to your personal information, malicious users can cause a lot of damage.

It’s therefore important to protect yourself from keyloggers so you don’t become a victim. The
good news is that you can reduce the likelihood of an attack with behaviors and precautions.
According to Verizon’s 2022 Data Breach Investigations Report, 82% of breaches involve a
human element. By being aware of the dangers, you can bolster your cybersecurity and better
protect yourself against keylogging attacks.

• How to Protect Yourself Against Keylogging Attacks on Personal Devices

The best protection against keylogging attacks is education about how the attacks occur.
Consider the following precautions you can take to avoid becoming a victim:

• Verify that emails are sent from legitimate sources. Check for unusual email addresses and
consider whether requests are legitimate. For example, question whether your bank would
ask you to reset your password in an email. When in doubt, avoid clicking the link. You
can still perform the requested action, such as resetting your password, directly from your
bank’s portal.

• Verify that websites are legitimate. Cybercriminals often create convincing fake versions
of popular websites. Before entering personal information, such as a social security
number, check that the website has a digital certificate to validate its security.

• Use a unique and strong password. It’s important to use unique passwords so that
cybercriminals don’t have access to all your accounts if a password is compromised.

1.3 Identification of Tasks


Unlike other types of malicious program, keyloggers present no threat to the
system itself. Nevertheless, they can pose a serious threat to users, as they can be used to
intercept passwords and other confidential information entered via the keyboard. As a result,
cyber criminals can get PIN codes and account numbers for e-payment systems, passwords to
online gaming accounts, email addresses, user names, email passwords etc.

Once a cyber criminal has got hold of confidential user data, s/he can easily
transfer money from the user’s account or access the user’s online gaming account.
Unfortunately access to confidential data can sometimes have consequences which are far
more serious than an individual’s loss of a few dollars. Keyloggers can be used as tools in both
industrial and political espionage, accessing data which may include proprietary commercial
information and classified government material which could compromise the security of
commercial and state-owned organizations (for example, by stealing private encryption keys).

Keyloggers, phishing and social engineering (see ‘Computers, Networks and
Theft’) are currently the main methods being used in cyber fraud. Users who are aware of
security issues can easily protect themselves against phishing by ignoring phishing emails and
by not entering any personal information on suspicious websites. It is more difficult, however,
for users to combat keyloggers; the only possible method is to use an appropriate security
solution, as it’s usually impossible for a user to tell that a keylogger has been installed on his/
her machine.
According to Cristine Hoepers, the manager of Brazil’s Computer Emergency
Response Team, which works under the aegis of the country’s Internet Steering Committee,
keyloggers have pushed phishing out of first place as the most-used method in the theft of
confidential information. What’s more, keyloggers are becoming more sophisticated – they
track websites visited by the user and only log keystrokes entered on websites of particular
interest to the cyber criminal.
In recent years, we have seen a considerable increase in the number of different
kinds of malicious programs which have keylogging functionality. No Internet user is immune
to cyber criminals, no matter where in the world s/he is located and no matter what
organization s/he works for.

• How cyber criminals use keyloggers

One of the most publicized keylogging incidents recently was the theft of over
$1 million from client accounts at the major Scandinavian bank Nordea. In August 2006
Nordea clients started to receive emails, allegedly from the bank, suggesting that they install
an antispam product, which was supposedly attached to the message. When a user opened the
file and downloaded it to his/ her computer, the machine would be infected with a well known
Trojan called Haxdoor. This would be activated when the victim registered at Nordea’s online
service, and the Trojan would display an error notification with a request to re-enter the
registration information. The keylogger incorporated in the Trojan would record data entered
by the bank’s clients, and later send this data to the cyber criminals’ server. This was how
cyber criminals were able to access client accounts, and transfer money from them. According
to Haxdoor’s author, the Trojan has also been used in attacks against Australian banks and
many others.

On January 24, 2004 the notorious Mydoom worm caused a major epidemic.
MyDoom broke the record previously set by Sobig, provoking the largest epidemic in Internet
history to date. The worm used social engineering methods and organized a DoS attack on
www.sco.com; the site was either unreachable or unstable for several months as a
consequence. The worm left a Trojan on infected computers which was subsequently used to
infect the victim machines with new modifications of the worm. The fact that MyDoom had a
keylogging function to harvest credit card numbers was not widely publicized in the media.

In early 2005 the London police prevented a serious attempt to steal banking
data. After attacking a banking system, the cyber criminals had planned to steal $423 million
from Sumitomo Mitsui’s London-based offices. The main component of the Trojan used,
which was created by the 32-year-old Yeron Bolondi, was a keylogger that allowed the
criminals to track all the keystrokes entered when victims used the bank’s client interface.

In May 2005 a married couple was arrested in London who were charged with
developing malicious programs that were used by some Israeli companies in industrial
espionage. The scale of the espionage was shocking: the companies named by the Israeli
authorities in investigative reports included cellular providers like Cellcom and Pelephone,
and satellite television provider YES. According to reports, the Trojan was used to access
information relating to the PR agency Rani Rahav, whose clients included Partner
Communications (Israel’s second leading cellular services provider) and the HOT cable
television group. The Mayer company, which imports Volvo and Honda cars to Israel, was
suspected of committing industrial espionage against Champion Motors, which imports Audi
and Volkswagen cars to the country. Ruth Brier-Haephrati, who sold the keylogging Trojan
that her husband Michael Haephrati created, was sentenced to four years in jail, and Michael
received a two-year sentence.

In February 2006, the Brazilian police arrested 55 people involved in spreading
malicious programs which were used to steal user information and passwords to banking
systems. The keyloggers were activated when the users visited their banks’ websites, and
secretly tracked and subsequently sent all data entered on these pages to cyber criminals. The
total amount of money stolen from 200 client accounts at six of the country’s banks totaled
$4.7 million.

At approximately the same time, a similar criminal grouping made up of young
(20 – 30 year old) Russians and Ukrainians was arrested. In late 2004, the group began
sending banking clients in France and a number of other countries email messages that
contained a malicious program – namely, a keylogger. Furthermore, these spy programs were
placed on specially created websites; users were lured to these sites using classic social
engineering methods. In the same way as in the cases described above, the program was
activated when users visited their banks’ websites, and the keylogger harvested all the
information entered by the user and sent it to the cyber criminals. In the course of eleven
months over one million dollars was stolen.

There are many more examples of cyber criminals using keyloggers – most
financial cybercrime is committed using keyloggers, since these programs are the most
comprehensive and reliable tool for tracking electronic information.

• Increased use of keyloggers by cyber criminals

The fact that cyber criminals choose to use keyloggers time and again is
confirmed by IT security companies.

One of VeriSign’s recent reports notes that in recent years, the company has
seen a rapid growth in the number of malicious programs that have keylogging functionality.

Source: iDefense, a VeriSign Company

One report issued by Symantec shows that almost 50% of malicious programs
detected by the company’s analysts during the past year do not pose a direct threat to
computers, but instead are used by cyber criminals to harvest personal user data.
According to research conducted by John Bambenek, an analyst at the SANS
Institute, approximately 10 million computers in the US alone are currently infected with a
malicious program which has a keylogging function. Using these figures, together with the
total number of American users of e-payment systems, possible losses are estimated to be
$24.3 million.

Kaspersky Lab is constantly detecting new malicious programs which have a
keylogging function. One of the first virus alerts on securelist.com, Kaspersky Lab’s dedicated
malware information site, was published on 15th June 2001. The warning related to
TROJ_LATINUS.SVR, a Trojan with a keylogging function. Since then, there has been a
steady stream of new keyloggers and new modifications. Kaspersky antivirus databases
currently contain records for more than 300 families of keyloggers. This number does not
include keyloggers that are part of complex threats (i.e. in which the spy component provides
additional functionality).

Most modern malicious programs are hybrids which implement many different
technologies. Due to this, any category of malicious program may include programs with
keylogger (sub)functionality. The number of spy programs detected by Kaspersky Lab each
month is on the increase, and most of these programs use keylogging technology.

1.4 Timeline

1st-2nd week:

Researched on the topic - about project idea, planning etc.
