Python Keylogger Install and Detection

By Cameron D. Harding

What is a Keylogger?

  • A keylogger records a user's keystrokes on a machine.

  • They are used to capture sensitive information such as logins, communication, financial info, and more!

  • They can be installed on most devices and can be run covertly.

  • Logged keystrokes can be sent to a file on the local machine or set up to be sent to an email server.

Background

  • Keyloggers are not a well-known form of attack.

  • Very few people are aware of when a keylogger is present on their device.

  • Even fewer know how to detect one or get rid of it once they find it.

  • Everyone types in passwords, credit card info, etc. on a daily basis.

  • I chose this topic because of the applicability to everyone.

  • Installation of this keylogger and many others requires knowledge of Python scripting.

Demonstration Briefing

  • This particular keylogger requires the use of Pynput.

  • If Pynput is not already installed, it must be installed with the command: “sudo pip3 install pynput”

  • For time purposes, I did not write the script during the demonstration, but it will be displayed.

  • After the script is running, I will demonstrate the keylogger functioning and the stored keystrokes.

Python Script

  • The keylogger script is displayed here and will be displayed in the demonstration briefly.

Demonstration Video

Demo Summary

  • The keylogger actively stores keystrokes into a text file on the machine.

  • Most keyloggers will be set up to send logged keystrokes to a mail server.

  • The logger can also be run covertly to be persistent even after the terminal has been closed.

Detection and Mitigation

  • The sad truth is that once a keylogger has been installed on your machine, information has already been stolen.

  • The first line of defense is you!

  • Keep anti-virus/anti-malware software updated.

  • Check for running tasks in the background.

  • Make sure to be aware of logins from suspicious locations.

  • Check network traffic for information leaving your system.
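
The background-task and network-traffic checks above can be combined into one triage pass over a process snapshot. The following is an added example, not code from the presentation: the record fields (pid, tty, cmdline, open_files, remote) are hypothetical names for data an administrator would collect with tools such as ps, lsof and ss, and the sample snapshot is constructed.

```python
import os

MAIL_PORTS = {25, 465, 587}  # SMTP, SMTPS, mail submission


def score_process(proc):
    """Return the reasons one process snapshot deserves a closer look."""
    argv = proc["cmdline"].split()
    if not argv or not os.path.basename(argv[0]).startswith("python"):
        return []
    reasons = []
    # Demo Summary: the logger persists after its terminal is closed.
    if proc["tty"] == "?":
        reasons.append("Python process with no controlling terminal")
    # Demo Summary: keystrokes are stored in a text file on the machine.
    for path, mode in proc["open_files"]:
        if mode in ("w", "u") and path.endswith((".txt", ".log")):
            reasons.append("holds %s open for writing" % path)
    # Demo Summary: logged keystrokes may be sent to a mail server.
    for host, port in proc["remote"]:
        if port in MAIL_PORTS:
            reasons.append("connection to mail port %s:%d" % (host, port))
    return reasons


def triage(snapshot, threshold=2):
    """Map pid -> reasons for processes showing at least `threshold` signs."""
    flagged = {}
    for proc in snapshot:
        reasons = score_process(proc)
        if len(reasons) >= threshold:
            flagged[proc["pid"]] = reasons
    return flagged


# Constructed sample snapshot (hypothetical paths, documentation IP address).
SAMPLE = [
    {"pid": 990, "tty": "?", "cmdline": "/usr/sbin/sshd -D",
     "open_files": [], "remote": []},
    {"pid": 1204, "tty": "?", "cmdline": "/usr/bin/python3 /opt/app/worker.py",
     "open_files": [("/var/lib/app/state.db", "u")], "remote": []},
    {"pid": 2201, "tty": "pts/0", "cmdline": "python3 notes.py",
     "open_files": [("/home/user/notes.txt", "w")], "remote": []},
    {"pid": 4410, "tty": "?", "cmdline": "python3 /home/user/.cache/updater.py",
     "open_files": [("/home/user/.cache/out.txt", "w")],
     "remote": [("203.0.113.7", 587)]},
]

if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE).items():
        print(pid, "; ".join(reasons))
```

A single indicator is common among legitimate Python daemons and scripts, which is why the default threshold requires two before a process is flagged for manual review.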