< The MacPaw How-tos

Here’s how to protect your Mac from keyloggers



If you’re worried that your Mac’s keyboard is being recorded by a keylogger there are a number of steps you can take to find out and then remove it.

How do keyloggers work?

Keyloggers record the keystrokes typed on your Mac’s keyboard. There are two types of keyloggers, sofware- and hardware-based, which connect to a USB port on your Mac. Once the keystrokes have been recorded, anyone with access to the keylogger can see what has been typed on the keyboard, including usernames, passwords, bank details, and the content of instant messages and emails. Hackers use keyloggers to do just that. 

Who uses keyloggers?

There are lots of instances where keyloggers can be used, from parents who want to monitor their children’s computer use or companies that want to snoop on employees, to hackers who use them to try and discover passwords.

While there are lots of legitimate (depending on your point of view) uses of keyloggers, there are also lots of ways in which they’re used unethically and in some cases illegally, so it’s important to know how to protect your Mac.

Can Macs get keyloggers?

Yes, there are several keyloggers available for the Mac. Known Mac keyloggers include Aobo Mac Keylogger, Refog Keylogger, and Spyrix Keylogger for Mac. They are among the top 10 Mac keyloggers.

How to check your Mac for keyloggers

The first thing to do is to check for a hardware keylogger. This is likely to be plugged into your keyboard or somewhere between your keyboard and your Mac –if you use an external keyboard.

If there’s no sign of a hardware keylogger, the next step is to launch Activity Monitor. 

1. Go to Applications>Utilities and double-click Activity Monitor

2. Check for processes that look like they might be keyboard loggers

3. If you find one, write down its name

4. Go to Applications>Utilities and launch Terminal

5. Type: man [name of process] – where [name of process] is the process you wrote down. Type it’s name without the square brackets

6. You should see a description of the process in the Terminal window

If the keyboard logger was installed by malware, it will likely be sending back the log of keystrokes to a remote server, known as ‘phoning home’. You can check for this by using an app called Little Snitch, which alerts you whenever a process on your Mac phone’s home and allows you to block it.


What should I do if I find a keyboard logger?

There are two possibilities if you find a keyboard logger on your Mac: that someone put it there deliberately by sitting in front of your Mac and fitting or installing it, or that you downloaded malware that contained the keyboard logger. In the latter situation, you should attempt to remove it using the steps below. However, if it was installed by, say an employer on your work Mac, you should speak to them.

How to remove a keylogger

If the keyboard logger was installed via malware, you can get rid of it using antivirus software. There are several antivirus tools for Mac, like BitDefender or Avast, for example, that you can download free and use to scan your Mac. Depending on the application, you may then have to pay for a full version to get rid of any malware it finds.

Another option is to use CleanMyMac X. CleanMyMac X has a malware removal tool that has a regularly-updated database of known malicious code. You can use that to scan your Mac at the press of a button. If CleanMyMac X finds anything, all it takes as a press of another button to remove it.


If you’ve tried running a malware removal or antivirus tool and still suspect you may have a keylogger on your Mac, your next option might be to perform a clean install of macOS. Make sure you backup your data before you do. But don’t restore from the backup — that will reinstall the keylogger. Instead, once you’ve erased your boot drive and reinstalled the OS, start installing applications one by one, then copy your data manually from the backup. 

How can I protect my Mac from keyloggers?

You can protect your Mac from hardware keyloggers by never leaving it unattended. That may not be possible, of course, especially in a work environment, so if you suspect someone will attempt to fit one, check your Mac every time you return to it. 

Implementing the usual common sense approach to using your Mac will also help protect you from keyloggers, since those downloaded as malware rely on your clicking a link to download them.

1. Don’t click in a link in any email message unless you’re certain where the email has come from and where the link leads. 

2. Install an ad-blocker in your web browser

3. Heed the warning if your browser tells you a site you’re about to visit is unsafe

4. Ignore pop-ups telling you that you need to update Flash or any other part of your Mac

5. Use strong passwords and keep them safe in a password manager, rather than writing them down 

6. Use CleanMyMac X or an antivirus tool to scan your Mac regularly

Discovering a keylogger on your Mac is at best unsettling and at worst, distressing, particularly if you don’t know who put it there or why. However, there are several ways to remove it, whether it’s hardware or software. And once you’ve got rid of it, using the steps described above should makes sure you never have to worry about finding one again.



Share it! Knowledge is power:
MacPaw uses cookies to personalize your experience on our website. By continuing to use this site, you agree to our cookie policy. Click here to learn more.