Keylogger.

A keylogger captures keyboard input and either stores it locally or exfiltrates it to an attacker. Software keyloggers run as user-mode hooks (SetWindowsHookEx), kernel drivers, or malicious browser extensions; hardware keyloggers sit inline between keyboard and computer or hide inside modified peripherals. Attackers use them to harvest credentials, manually typed OTPs, banking data, chat messages, and intellectual property, and they ship as standard modules of info-stealers, banking trojans, and espionage toolkits like Agent Tesla, HawkEye, and Snake Keylogger.

Keylogging is older than the PC. In one of the most elegant operations of the Cold War, the Soviets bugged IBM Selectric typewriters at the U.S. Embassy in Moscow from roughly 1976 to 1984: magnetometers hidden in a hollow support bar sensed the rotation and tilt of the printing "golf ball," then burst encrypted keystrokes over radio. The NSA's Project GUNMAN finally uncovered the implants after a technician spotted an extra coil in a power switch — proof that capturing what people type needs no software at all.

Defences include EDR with behavioural monitoring, phishing-resistant MFA based on hardware keys (FIDO2/WebAuthn) so a stolen password is useless, OS credential-input protections, physical inspection of workstation cables, and disabling unused USB ports.

flowchart LR
  K[User presses keys] --> C[Keylogger captures input]
  C --> S[Software hook / driver]
  C --> H[Hardware inline device]
  S --> E[Encode and buffer]
  H --> E
  E --> X[Exfiltrate to attacker C2]
  X --> U[Credential / data theft]