Here’s how to protect your Mac from keyloggers

If you’re worried that a keylogger is recording your Mac’s keyboard, there are a number of steps you can take to find out and then remove it.

How do keyloggers work?

Keyloggers record the keystrokes typed on your Mac’s keyboard. There are two types of keyloggers, sofware- and hardware-based, which connect to a USB port on your Mac. Once the keystrokes have been recorded, anyone with access to the keylogger can see what has been typed on the keyboard, including usernames, passwords, bank details, and the content of instant messages and emails. Hackers use keyloggers to do just that. 

Who uses keyloggers?

There are lots of instances where keyloggers can be used, from parents who want to monitor their children’s computer use or companies that want to snoop on employees to hackers who use them to try and discover passwords.

While there are lots of legitimate (depending on your point of view) uses of keyloggers, there are also lots of ways in which they’re used unethically and in some cases illegally, so it’s important to know how to protect your Mac.

Can Macs get keyloggers?

Yes, there are several keyloggers available for the Mac. Known Mac keyloggers include Aobo Mac Keylogger, Refog Keylogger, and Spyrix Keylogger for Mac. They are among the top 10 Mac keyloggers.

How to check your Mac for keyloggers

The first thing to do is to check for a hardware keylogger. If you use an external keyboard, this is likely to be plugged into your keyboard or somewhere between your keyboard and your Mac.

If there’s no sign of a hardware keylogger, the next step is to launch Activity Monitor. 

  1. Go to Applications > Utilities and double-click Activity Monitor.
  2. Check for processes that look like they might be keyboard loggers. For example, the Spyrix Keylogger appears in Activity Monitor as skm.
  3. If you find one, write down its name.
  4. Go to Applications > Utilities and launch Terminal.
  5. Type: man [name of process] – where [name of process] is the process you wrote down. Type its name without the square brackets.
  6. You should see a description of the process in the Terminal window.

This method will work for you if you know all apps that are running on your Mac. If the keyboard logger was installed by malware, it would likely send back the keystrokes log to a remote server, known as ‘phoning home’. You can check for this by using an app called Little Snitch, which alerts you whenever a process on your Mac phone’s home and allows you to block it.

What should I do if I find a keyboard logger?

There are two possibilities if you find a keyboard logger on your Mac: that someone put it there deliberately by sitting in front of your Mac and fitting or installing it, or that you downloaded malware that contained the keyboard logger. In the latter situation, you should attempt to remove it using the steps below. However, if an employer installed it on your work Mac, you should speak to them.

How to remove a keylogger

If the keyboard logger was installed via malware, you could get rid of it using antivirus software. For example, there are several antivirus tools for Mac, like BitDefender or Avast, that you can download free and use to scan your Mac. Depending on the application, you may have to pay for a full version to get rid of any malware it finds.

Another option is to use CleanMyMac X. CleanMyMac X has a malware removal tool that has a regularly updated database of known malicious code. You can use that to scan your Mac at the press of a button. If CleanMyMac X finds anything, all it takes is a press of another button to remove it.

Removing malware files

If you’ve tried running a malware removal or antivirus tool and still suspect you may have a keylogger on your Mac, your next option might be to perform a clean install of macOS. Make sure you backup your data before you do. But don’t restore from the backup — that will reinstall the keylogger. Instead, once you’ve erased your boot drive and reinstalled the OS, start installing applications one by one, then copy your data manually from the backup. 

How can I protect my Mac from keyloggers?

You can protect your Mac from hardware keyloggers by never leaving it unattended. That may not be possible, of course, especially in a work environment, so if you suspect someone will attempt to fit one, check your Mac every time you return to it. 

Implementing the usual common sense approach to using your Mac will also help protect you from keyloggers since those downloaded as malware relies on your clicking a link to download them.

  1. Don’t click on a link in any email message unless you’re certain where the email has come from and where the link leads. 
  2. Install an ad-blocker in your web browser.
  3. Heed the warning if your browser tells you a site you’re about to visit is unsafe.
  4. Ignore pop-ups telling you that you need to update Flash or any other part of your Mac.
  5. Use strong passwords and keep them safe in a password manager, rather than writing them down. 
  6. Use CleanMyMac X or an antivirus tool to scan your Mac regularly.

Discovering a keylogger on your Mac is at best unsettling and, at worst, distressing, particularly if you don’t know who put it there or why. However, there are several ways to remove it, whether it’s hardware or software. And once you’ve got rid of it, using the steps described above should make sure you never have to worry about finding one again.

Laptop with CleanMyMac
CleanMyMac X

Your Mac. As good as new.