A keylogger is a type of malware (or sometimes hardware) that secretly records every keystroke a user types, letting an adversary capture usernames, passwords, and other sensitive data as it's entered.
A keylogger is exactly what it sounds like: software (or sometimes a small hardware device) that logs the keys you press. Once it's installed, it quietly records everything you type, like login credentials, credit card numbers, or private messages, and ships that data back to an adversary. It falls under malware, the malicious software defined in EK 4.1.B.1 that lets an adversary access a device and the data on it.
Keyloggers are a textbook example of exploiting a device to "view user actions" (EK 4.1.C.1). They don't crash your system or hold it for ransom. Their whole job is to sit invisibly and harvest information. That makes them a classic confidentiality threat: the device keeps working normally while your secrets leak out. A keylogger often arrives bundled with other malware, like a trojan that installs it silently, which is why it pairs naturally with the broader attack chain in Topic 4.1.
Keyloggers live in Unit 4: Securing Devices, specifically Topic 4.1 Device Vulnerabilities and Attacks. They support AP Cybersecurity 4.1.B (identifying the type of malware used in a cyberattack) and 4.1.C (explaining how adversaries exploit device vulnerabilities to cause loss or disruption). The keylogger is the go-to answer whenever a scenario describes an adversary capturing what a user types, especially credentials. Tie it to the CIA triad and it's primarily a confidentiality attack: the data's integrity and availability stay intact, but it's no longer secret.
Keep studying AP Cybersecurity Unit 4
Remote Access Trojan (RAT) (Unit 4)
A RAT is often the delivery vehicle that quietly installs a keylogger. The RAT gives the attacker control of the device, and the keylogger is the tool that scoops up keystrokes once they're in.
Malware (Unit 4)
A keylogger is one specific flavor of malware (EK 4.1.B.1). On the exam, you classify it under the malware umbrella, then pick the precise type based on what the attacker is doing (capturing keystrokes).
Weak Authentication and Stolen Credentials (Unit 4)
EK 4.1.C.2 covers adversaries guessing passwords, but a keylogger skips the guessing entirely. It just reads the password as you type it, which is why it threatens even strong, unguessable passwords.
Anti-malware (Unit 4)
Anti-malware is the defensive counterpart. It scans for and removes keyloggers, which is why keeping it updated is the standard mitigation when a device vulnerability scenario asks how to reduce risk.
Expect keyloggers as the right answer to malware-identification multiple-choice stems. A common pattern: an adversary wants to steal login credentials by capturing a username and password "as they type" them. That phrasing, capturing keystrokes, points straight at a keylogger over a virus, worm, or ransomware. On free response tied to 4.1.C and 4.1.D, you might explain how an adversary uses a keylogger to "view user actions" and steal data, then assess the risk and recommend a mitigation like anti-malware or multi-factor authentication. The skill is matching the attacker's goal (harvesting typed data) to the correct malware type and naming a sensible defense.
A keylogger's whole purpose is to record keystrokes, nothing more. A RAT gives the attacker full remote control of the device, like running commands, accessing files, or turning on the webcam. They often work together (the RAT installs the keylogger), but if the question emphasizes capturing what's typed, choose keylogger; if it emphasizes remote control of the whole system, choose RAT.
A keylogger is malware that secretly records every keystroke to steal credentials and other typed data.
It's primarily a confidentiality attack: the device keeps working while your secrets leak out.
When a scenario says an adversary captures a username and password "as they type," the answer is a keylogger.
Keyloggers map to EK 4.1.B (malware type) and EK 4.1.C.1 (viewing user actions), both in Unit 4.
A RAT or trojan often delivers a keylogger, so they show up together in attack-chain questions.
Even a strong password fails against a keylogger, which is why multi-factor authentication and anti-malware are the go-to defenses.
It's a type of malware (under EK 4.1.B) that secretly records every key you press, letting an adversary capture passwords, credit card numbers, and other sensitive data as you type it. It's covered in Unit 4, Topic 4.1.
No. A virus needs a user to execute or open a file to activate and spread, while a keylogger's defining trait is recording keystrokes. A keylogger can be delivered by a virus or trojan, but on the exam you classify it by what it does (capturing typed data), not how it arrived.
A keylogger only records what you type. A RAT (Remote Access Trojan) gives an attacker full control of your device, including running commands and accessing files. They often work together, but pick keylogger when the question stresses capturing keystrokes and RAT when it stresses remote control.
Because the keylogger reads your password while you type it, no matter how complex it is. That's why the standard defenses are multi-factor authentication and updated anti-malware rather than just a longer password.
Mainly confidentiality. The device keeps functioning and the data stays intact and available, but the attacker now knows things they shouldn't, like your login credentials.