Cyber Doc logo Cyber Doc
Cybersecurity Term

What is a keylogger?

Software or malware that records what users type, often to capture passwords or sensitive information.

Malware & Ransomware Last reviewed: 2026-05-20

← Back to Learn Centre

What is a keylogger?

A keylogger records keystrokes, often to capture passwords, messages, or sensitive business information.

Simple example

An infected computer records login details as the user signs in to email and accounting systems.

Why it matters

Keyloggers can expose credentials and confidential data without obvious visible signs.

Common warning signs

  • The activity is unexpected or unusual for the business context.
  • The request or system behaviour creates pressure to act quickly.
  • Normal approval, verification, or security processes are bypassed.
  • There are signs of unauthorised access, data exposure, or system change.
  • Staff are unsure whether the request, message, or system behaviour is legitimate.

Cyber Doc view

This term should be understood in business context, not only as a technical issue. Good protection usually combines clear processes, appropriate technical controls, staff awareness, and a calm response plan.

What to do

Proactive steps

  • Use endpoint protection and keep devices updated.
  • Avoid installing unknown software.
  • Use MFA to reduce the impact of stolen passwords.
  • Limit administrator rights.
  • Use password managers where possible because they reduce typed passwords.

Reactive steps

  • Stop using the affected device for logins.
  • Change passwords from a known-clean device.
  • Review account sign-in history.
  • Scan or rebuild the affected device as appropriate.
  • Monitor for misuse of exposed accounts.

Related terms

  • Malware
  • Credential theft
  • Endpoint protection