Here’s how to protect your Mac from keyloggers

If you’re worried that a keylogger is recording your Mac’s keyboard, there are a number of steps you can take to find out and then remove it.

How do keyloggers work?

Keyloggers record the keystrokes typed on your Mac’s keyboard. There are two types of keyloggers, software- and hardware-based, which connect to the USB port on your Mac. Once the keystrokes have been recorded, anyone with access to the keylogger can see what has been typed on the keyboard, including usernames, passwords, bank details, and even the content of your messages and emails. 

Is keylogger malware? 

The nature of a keylogger is dual, meaning it can be good or evil depending on how it is used. For some, it’s threatening malware, for others - useful software installed on Mac devices. An example of a keylogger that is used for good can be parental control. Also, if the keylogger is equipped with a geolocation feature, it can be used to locate Mac that was stolen.

While there are lots of legitimate (depending on your point of view) uses of keyloggers, there are also lots of ways in which they’re used unethically and even illegally.

Who uses keyloggers?

Keyloggers can be used by ordinary people like parents who wish to monitor their children's computers. But the danger lies in other kinds of users - hackers. They use keyloggers to discover and steal passwords or other confidential information. So it’s important to know how to protect your data and your Mac.

Can Macs get keyloggers?

Yes, there are several keyloggers available for the Mac. Known Mac keyloggers include Aobo Mac Keylogger, Refog Keylogger, and Spyrix Keylogger for Mac. They are among the top 10 Mac keyloggers.

How to check your Mac for keyloggers

In case you're asking yourself how to detect keylogger, the first thing to do is to check for a hardware keylogger. If you use an external keyboard, this is likely to be plugged into your keyboard or somewhere between your keyboard and your Mac.

If there’s no sign of a hardware keylogger, the next step is to launch Activity Monitor. 

  1. Go to Applications > Utilities and double-click Activity Monitor.
  2. Check for processes that look like they might be keyboard loggers. For example, the Spyrix Keylogger appears in Activity Monitor as skm.
  3. If you find one, write down its name.
  4. Go to Applications > Utilities and launch Terminal.
  5. Type: man [name of process] – where [name of process] is the process you wrote down. Type its name without the square brackets.
  6. You should see a description of the process in the Terminal window.

This method will work for you if you know all apps that are running on your Mac. If the keyboard logger was installed by malware, it would likely send back the keystrokes log to a remote server, known as ‘phoning home’. You can check for keylogger with an app called Little Snitch, which alerts you whenever a process on your Mac phone’s home and allows you to block it.

What should I do if I find a keyboard logger?

There are two possibilities if you find a keyboard logger on your Mac: that someone put it there deliberately by sitting in front of your Mac and fitting or installing it, or that you downloaded malware that contained the keyboard logger. In the latter situation, you should attempt to remove it using the steps below. However, if an employer installed it on your work Mac, you should speak to them.

How to remove a keylogger

If the keyboard logger was installed via malware, you could get rid of it using antivirus software. For example, there are several antivirus tools for Mac, like BitDefender or Avast, that you can download free and use to scan your Mac. Depending on the application, you may have to pay for a full version to get rid of any malware it finds.

Another option how to remove keylogger is to use CleanMyMac X. CleanMyMac X has a malware removal tool that has a regularly updated database of known malicious code. You can use that to scan your Mac at the press of a button. If CleanMyMac X finds anything, all it takes is a press of another button to remove it.

Removing malware files

If you’ve tried running a malware removal or antivirus tool and still suspect you may have a keylogger on your Mac, your next option might be to perform a clean install of macOS. Make sure you backup your data before you do. But don’t restore from the backup — that will reinstall the keylogger. Instead, once you’ve erased your boot drive and reinstalled the OS, start installing applications one by one, then copy your data manually from the backup. 

How can I protect my Mac from keyloggers?

You can protect your Mac from hardware keyloggers by never leaving it unattended. That may not be possible, of course, especially in a work environment, so if you suspect someone will attempt to fit one, check your Mac every time you return to it. 

Implementing the usual common sense approach to using your Mac will also help protect you from keyloggers since those downloaded as malware rely on your clicking a link to download them.

  1. Don’t click on a link in any email message unless you’re certain where the email has come from and where the link leads. 
  2. Install an ad-blocker in your web browser.
  3. Heed the warning if your browser tells you a site you’re about to visit is unsafe.
  4. Ignore pop-ups telling you that you need to update Flash or any other part of your Mac.
  5. Use strong passwords and keep them safe in a password manager, rather than writing them down. 
  6. Use CleanMyMac X or an antivirus tool to scan your Mac regularly.

Discovering a keylogger on your Mac is at best unsettling and, at worst, distressing, particularly if you don’t know who put it there or why. However, there are several ways to remove it, whether it’s hardware or software. And once you’ve got rid of it, using the steps described above should make sure you never have to worry about finding one again.

Laptop with CleanMyMac
CleanMyMac X

Your Mac. As good as new.