How to detect keyloggers

Of all the tools in a spy's kit, the keylogger is among the most dangerous, because it captures information at the source: as you type it. Passwords, private messages, search queries, banking details — anything entered on the keyboard can be recorded and sent to whoever planted it. Keyloggers exist for both computers and phones, and the good ones are designed to be invisible. But invisible is not the same as undetectable.

How keyloggers get onto a device

On computers, keyloggers usually arrive bundled with malware — a malicious download, a trojanised "crack", or a phishing attachment. On phones, software keyloggers most often masquerade as a custom keyboard app or abuse accessibility services to read what you type. There are also hardware keyloggers — small devices plugged between a keyboard and computer — though these require physical access and are rarer for individuals.

Warning signs

• Typing feels laggy. Some keyloggers intercept keystrokes, introducing a small but noticeable delay.
• Unexplained network activity. Captured keystrokes have to be sent somewhere, producing background data traffic.
• A keyboard app you did not install set as your default input method on a phone.
• Accounts compromised despite a strong, unique password — a classic sign that the password was captured as you typed it rather than guessed.
• Unfamiliar processes or startup entries on a computer.

Detecting a keylogger on your phone

Start with your keyboards: on Android, Settings → System → Languages & input → On-screen keyboard, and on iPhone, Settings → General → Keyboard → Keyboards. Remove any keyboard you do not recognise, and be wary of third-party keyboards with "full access" enabled, which lets them see everything you type. Then audit accessibility services — a keylogger frequently hides here, as covered in our permissions audit guide. Anything granting itself the ability to read screen content or input is a prime suspect.

Detecting a keylogger on a computer

1. Review running processes (Task Manager on Windows, Activity Monitor on macOS) for anything unfamiliar consuming resources or network.
2. Check startup programs — keyloggers want to launch automatically. Remove entries you cannot identify.
3. Inspect installed programs and browser extensions; malicious extensions can log everything typed into web pages.
4. Scan suspicious files. If you find an unknown executable, run it through our file scanner to check it against known keylogger and trojan families.

Removing a keylogger

Once identified, remove the offending app, keyboard, extension or program, then — critically — change every important password from a different, clean device, because the keylogger may already have captured them. Enable two-factor authentication so that even a stolen password is not enough to access your accounts. For a deeply compromised computer, a clean reinstall of the operating system is the most thorough fix. For a phone, a factory reset clears software keyloggers.

Preventing keyloggers

Keep your operating system and software updated, avoid pirated software and untrusted downloads, scan files before running them, deny "full access" to third-party keyboards unless you truly trust them, and use a password manager — which can autofill credentials without you typing them, sidestepping many keyloggers entirely. Pair these habits with real-time protection to catch a keylogger the moment it is installed.