The makers of MacScan, a popular malware scanner for Mac OS X machines, maintain a list on their website of the different types of Mac malware that their program helps to protect against. The list, in addition to providing a compelling argument for why to check out MacScan, also acts as one of the more comprehensive lists of known Mac OS X malware on the Internet. Looking at the list, it becomes clear that keystroke loggers are a serious problem for Mac users. Indeed, while the MacScan registry includes just shy of 50 different Trojan Horses, there are more than 70 keystroke loggers on the list—suggesting that keyloggers are more numerous than other types of malware on Mac computers.
What is a Keystroke Logger?
A keystroke logger—or a “keylogger,” as the term is often abbreviated—is malware that, once it is installed on your system, will monitor and record every key you press your keyboard. Think about how often you type—and what you type—and you will realize why keyloggers are so dangerous.
Anything you write in Microsoft Word; anything you enter into an Excel spreadsheet; any emails you send; any password you enter—be it for banking, email, social media, or other accounts; any information you enter in an application, from your address to your social security number; any information required to complete an online transaction, including your credit card number and confirmation code: with a keylogger, all of the keystrokes behind this information are recorded and sent remotely to whoever wrote the keylogger malware. In most cases, identity theft or drained bank accounts are the scariest potential consequences, but the possibilities are quite literally endless, especially considering how much information most of us type out on our computers every day.
How to Know if Your Mac is Getting “Keylogged”
The bad news with keyloggers is that, unlike other malware, they don’t make their presence known with popups, spammy hyperlinks, or other common symptoms of infection. Instead, the goal of a keystroke logger is to run unobtrusively on your system for a long time, to give the attacker the chance to gather more information about you. As a result, most keyloggers will run quietly and invisibly in the background, which means some users aren’t aware they’re being keylogged until someone is using their credit card numbers, logging into their accounts, or otherwise using types of sensitive personal information that no one but you should have.
As with other types of malware, the best ways to prevent keylogger installation are to avoid situations where you are downloading software or files from untrusted sources. Don’t click suspicious links, don’t download pirated content on P2P or torrent sites, and avoid downloading software from outside of the Apple App Store whenever possible. The last point is particularly important, since many keystroke loggers are bundled with freeware. Therefore, avoiding free software from untrusted developers is one of the best methods to keep yourself safe from keyloggers.
If you think your Mac is already infected with a keylogger, then you need to run a malware scan with a program specifically designed to detect and eliminate a wide range of keystroke loggers. You may already have anti-virus or anti-malware software on your computer, but not all programs of this ilk are designed to dig up malware that is as well hidden as the average keylogger. As mentioned at the beginning of this article, MacScan has a definition list of over 70 identified Mac keyloggers, and is a worthwhile piece of software to try out if you think someone might be monitoring your keyboard.