Helping people with computers... one answer at a time.

Malware and keyloggers on your machine can do anything, which includes cut and paste, drag and drop, screen keypads and more. Prevention is the only cure. To be safe, you need to protect yourself from all kinds of malware.

I use Keypass to store my passwords to various sites. Will keyloggers be able to get the login information when we use the drag and drop procedure? How about the password when we type to open the Keypass utility?

In this excerpt from Answercast #13, I look at what keyloggers might be doing on your computer, how to protect your valuable information, and how to stay safe on the internet.

Keyloggers can do anything

If you have malware on your machine (and make no mistake about it, keyloggers are malware), then the malware can do anything. I want to emphasize the anything.

We often talk about keyloggers and the answer is, "Absolutely!" If a keylogger is only logging keystrokes, great... don't use a keystroke and chances are what you're doing won't be logged.

The problem is that oversimplifies a much larger problem.

People think they are safe because they've avoided this keystroke issue, when in fact, they're just as vulnerable as before because malware is more than keyloggers. Malware can monitor whatever you do.

Malware can track you

So, for example, if you use drag and drop, what you're really doing is using a form of copy/paste. The important thing here is that if it's written properly, malware can insert itself into the drag and drop process and see what you're doing. Malware can certainly hook itself into whatever Keypass uses when it's accepting the password from you.

So, absolutely, malware can certainly record the password that you type into Keypass or any other password vault.

What is being recorded?

People have talked about using onscreen keyboards. They've used scrambling software. They've used all sorts of things.

  • And absolutely, if the malware is only recording keystrokes, and you don't use keystrokes, it's not going to be recorded.

But how do you know? The malware could easily be taking a screen shot; they could be monitoring other things in addition to keystrokes. You simply don't know that you're safe.

Protect yourself from all malware

Do not assume that if you've protected yourself from keyloggers; you've actually protected yourself.

You must make sure that you're protecting yourself from all forms of malware before you can start to consider yourself even close to safe when it comes to this kind of hacking or malware intrusion.

End of Answercast #13 Back to - Audio Segment

Article C5278 - April 30, 2012 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

1 Comment
Spying via keylogger spyware is a federal crime
May 1, 2012 9:16 AM

"You must make sure that you're protecting yourself from all forms of malware before you can start to consider yourself even close to safe when it comes to this kind of hacking or malware intrusion."

By "protecting yourself," are you advising people to:

1. Learn how to flatten and rebuild their own computers and reinstall programs (including anti-virus software) and install software updates from their original source(s); and

2. Automatically delete emails from people whom and sources that they do not know; and not to visit disreputable web sites?

Last year, I took my infected computer to several technicians, who took my money yet left some (if not all) of the malware on my hard drive.

I found circumstantial evidence that an out-of-state psychopath finally stopped spying on me once I'd flattened and rebuilt my computer and stopped opening his emails.

Don't trust anyone who claims they can or will remove malware from your computer. Instead, consider flattening and rebuilding your computer yourself. You might find the process to be time-consuming (~ 24 hours for a PC; ~ 2 to 8 hours for a Mac with encryption) but easy.

Is this what you mean, Leo?

P.S. Any chance the FBI will ever take spying via keylogger spyware seriously and/or the source of such spyware will become easier to trace for the purpose of a criminal investigation?

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to to ask your question.