Mac Keyloggers

Disclaimer
If you think you have a keylogger on your Mac, be afraid. Be very afraid. If someone who knows what they’re doing gets a hold of your baby for longer than a few minute, there’s no telling what they could do – finding a keylogger does not mean that is the only thing they’ve done. In fact, finding one is a good thing, because it tells you to back your media and documents and BURN that hard drive.  Buy a new one. I’m not kidding. Also, change all your passwords, to EVERYTHING. And use real passwords. Please. Ok, now on the apps.
Some of this info was taken from http://mackeyloggerprotection.com/ (which looks like it was written to get hits about five years ago – and a bunch of other places – but I’ve found keyloggers are things that sixteen year olds and the French write when they’re angry or bored. Because the Mac actually is a really well made system, keyloggers are few and far between, but they do exist. Most of them are pretty stupid, and will stand out in the Activity Monitor like a sore thumb. Best bet though, simply reinstall your machine.

First run some antivirus stuff – I know I know, Macs blah blah blah, but it can’t hurt can it?
http://www.iantivirus.com has all of these guys on their threat list. It doesn’t explicitly state that it gets rid of them, but it would be odd to just list them… right?
ClamAV’s OSX port also should be worth a try – http://www.clamxav.com/
http://macscan.securemac.com/ MacScan also claims to be able to find this stuff… but who knows – I didn’t test it.

If you are simply paranoid, and think that a hacker has done something to you, you can install a outgoing TCP/IP monitor and see if anything is “phoning home” – Little Snitch (http://www.obdev.at/products/littlesnitch/index.html) is the easiest, and Tripwire (http://tripwire.darwinports.com/) works pretty well if you’re a Unix kinda peep.

LogKext (http://fsbsoftware.com/logKext.html)
This is the most common one used as far as I can tell. Its stealthy to an extent, but removable.
Verion 1.2
LogKextClient is used to uninstall your keylogger. Open logKextClient and use the command uninst to automatically uninstall logKext – so if you run “sudo logKextClient” and you get “sudo: logKextCient: command not found” you’re probably safe.
Version 2.1
Their manual states “A standalone script has been installed in your computer’s root directory that will uninstall logKext. It is called LogKextUninstall.command.” So a “locate .command” should give you a decent list.
Remove it:
Delete these files – see disclaimer
/System/Library/Extensions/logKext.kext
/System/Library/Filesystems/logKextDaemon
/System/Library/LaunchDaemons/logKext.plist
/usr/bin/logKextClient

BlazingTools Perfect Keylogger for Mac (http://www.blazingtools.com/)

There is little to no documentation on this one. If anyone buys a copy and wants to rip it apart, please tell me. Thanks
Keyboard Spy 3.0 (http://alphaomega.software.free.fr/keyboardspy/Keyboard%20Spy.html)
Not particularly difficult to find or remove – look for “keyboardspy” in your activity monitor, or just look for the application of the same name – delete it and you’re done. I’d open it first to see where it is saving the log files (which it lets you name whatever you want) so you can delete those too.

Backtrack (http://www.modesittsoftware.com/Products/BackTrack/index.html)
Not really a true keylogger – it’s made for more ligitimate users wanting to track what they’re doing, but if someone thought you were pretty stupid, they might try it. Just look for a little revolver barrel icon in the system tray like in the pic.

TypeAgent (http://www.typeagent.com/index.html)
I only installed trial version… so I just did these two steps  – but it showed up in the activity monitor.
1. Open the app from the applications folder. In the menu that pops up, there will be a button saying “Uninstall Type Agent”.
2. If it isn’t in the applications folder, go to your harddisk> library > Startupitems and delete the folder saying “TypeAgent”.

KeystrokeRecorder (http://www.campsoftware.com/products/ksr.htm)
KeystrokeRecorder will only work if you check the ‘Enable access for assistive devices’ checkbox located in the ‘Universal Access’ System Preference pane. Simply go to the ‘Apple Menu’, choose ‘System Preferences’, then click ‘Universal Access’ – if assistive devices is checked, be suspicious (unless you’re blind or deaf or something)

7 Responses to Mac Keyloggers

  1. mortimer nova November 7, 2008 at 9:30 pm #

    i have nothing to contribute here except for this: http://web.archive.org/web/20060812183351/http://www.magiccrab.com/

  2. sheeshy August 9, 2009 at 5:24 am #

    you’re my hero

  3. Magiccrab August 10, 2009 at 7:56 pm #

    Um… 🙂

  4. keylogger Mac October 21, 2009 at 1:56 am #

    Also, there is a keylogger for mac named Aobo Mac keylogger, beware of this one too.

  5. Alec January 19, 2010 at 9:28 pm #

    It appears that a lot of these OS X keyloggers have dropped by the wayside. logKext is still going strong and probably the biggest threat as it could be rewritten (open source) to be malware. I’d be careful with some of the sneakier companies up there. Who’s guarding the foxes?

    Thank heavens for logKext. Without logKext these sneaks would be free to whack us for $50 to $130 (some of them are trying) for basic keylogging. Keylogging does have legitimate use: every had a browser window crash or redirect or a web app hiccup on submit? I have. Personally, I won’t start work without a keylogger.

  6. Muse June 11, 2010 at 6:19 am #

    What about keylogger try to use ProteMac KeyBag.It’s really good soft)

  7. Kassandra May 17, 2011 at 9:02 am #

    As for me i’m using Keystrokes Watch.
    Use it only for a week. Works well.
    Records everything!
    http://www.actymac.com/KeystrokesWatch/ – their site

Leave a Reply