---
title: "Keylogger — AP Cybersecurity Definition & Exam Guide"
description: "A keylogger is malware that records every keystroke to steal passwords and data. Learn how it fits Unit 4 device attacks and shows up on the AP Cybersecurity exam."
canonical: "https://fiveable.me/ap-cybersecurity/key-terms/keylogger"
type: "key-term"
subject: "AP Cybersecurity"
unit: "Unit 4"
---

# Keylogger — AP Cybersecurity Definition & Exam Guide

## Definition

A keylogger is a type of malware (or sometimes hardware) that secretly records every keystroke a user types, letting an adversary capture usernames, passwords, and other sensitive data as it's entered.

## What It Is

A keylogger is exactly what it sounds like: [software](/ap-cybersecurity/unit-4/protecting-devices/study-guide/n86HF5aR65a2DLQwNHDn "fv-autolink") (or sometimes a small hardware device) that logs the keys you press. Once it's installed, it quietly records everything you type, like login credentials, credit card numbers, or private messages, and ships that data back to an [adversary](/ap-cybersecurity/key-terms/adversary "fv-autolink"). It falls under *malware*, the malicious software defined in EK 4.1.B.1 that lets an adversary access a device and the data on it.

Keyloggers are a textbook example of exploiting a device to "view user actions" (EK 4.1.C.1). They don't crash your system or hold it for ransom. Their whole job is to sit invisibly and harvest information. That makes them a classic confidentiality threat: the device keeps working normally while your secrets leak out. A keylogger often arrives bundled with other malware, like a trojan that installs it silently, which is why it pairs naturally with the broader attack chain in [Topic 4.1](/ap-cybersecurity/unit-4/device-vulnerabilities-and-attacks/study-guide/HACz1L7MBGLXO5AANWlK "fv-autolink").

## Why It Matters

Keyloggers live in [Unit 4](/ap-cybersecurity/unit-4 "fv-autolink"): Securing Devices, specifically Topic 4.1 Device Vulnerabilities and Attacks. They support [AP Cybersecurity](/ap-cybersecurity "fv-autolink") 4.1.B (identifying the type of malware used in a cyberattack) and 4.1.C (explaining how adversaries exploit device vulnerabilities to cause loss or disruption). The keylogger is the go-to answer whenever a scenario describes an adversary capturing what a user types, especially credentials. Tie it to the CIA triad and it's primarily a confidentiality attack: the data's integrity and availability stay intact, but it's no longer secret.

## Connections

### Remote Access Trojan (RAT) (Unit 4)

A RAT is often the delivery vehicle that quietly installs a keylogger. The RAT gives the attacker [control](/ap-cybersecurity/unit-2/cyber-foundations/study-guide/0oS8jJyX7iolYntwz5Eh "fv-autolink") of the device, and the keylogger is the tool that scoops up keystrokes once they're in.

### [Malware (Unit 4)](/ap-cybersecurity/key-terms/malware)

A keylogger is one specific flavor of [malware](/ap-cybersecurity/key-terms/malware "fv-autolink") (EK 4.1.B.1). On the exam, you classify it under the malware umbrella, then pick the precise type based on what the attacker is doing (capturing keystrokes).

### Weak Authentication and Stolen Credentials (Unit 4)

EK 4.1.C.2 covers [adversaries](/ap-cybersecurity/unit-3/network-vulnerabilities-and-attacks/study-guide/9lJpNM0eCHQ1M3XgFL97 "fv-autolink") guessing passwords, but a keylogger skips the guessing entirely. It just reads the password as you type it, which is why it threatens even strong, unguessable passwords.

### [Anti-malware (Unit 4)](/ap-cybersecurity/key-terms/anti-malware)

Anti-malware is the defensive counterpart. It scans for and removes keyloggers, which is why keeping it updated is the standard mitigation when a device vulnerability scenario asks how to reduce risk.

## On the AP Exam

Expect keyloggers as the right answer to malware-identification multiple-choice stems. A common pattern: an adversary wants to steal login credentials by capturing a username and password "as they type" them. That phrasing, capturing keystrokes, points straight at a keylogger over a virus, worm, or ransomware. On free response tied to 4.1.C and 4.1.D, you might explain how an adversary uses a keylogger to "view user actions" and steal data, then assess the risk and recommend a mitigation like anti-malware or multi-factor authentication. The skill is matching the attacker's goal (harvesting typed data) to the correct malware type and naming a sensible defense.

## keylogger vs RAT (Remote Access Trojan)

A keylogger's whole purpose is to record keystrokes, nothing more. A RAT gives the attacker full remote control of the device, like running commands, accessing files, or turning on the webcam. They often work together (the RAT installs the keylogger), but if the question emphasizes capturing what's typed, choose keylogger; if it emphasizes remote control of the whole system, choose RAT.

## Key Takeaways

- A keylogger is malware that secretly records every keystroke to steal credentials and other typed data.
- It's primarily a confidentiality attack: the device keeps working while your secrets leak out.
- When a scenario says an adversary captures a username and password "as they type," the answer is a keylogger.
- Keyloggers map to EK 4.1.B (malware type) and EK 4.1.C.1 (viewing user actions), both in Unit 4.
- A RAT or trojan often delivers a keylogger, so they show up together in attack-chain questions.
- Even a strong password fails against a keylogger, which is why multi-factor authentication and anti-malware are the go-to defenses.

## FAQs

### What is a keylogger in AP Cybersecurity?

It's a type of malware (under EK 4.1.B) that secretly records every key you press, letting an adversary capture passwords, credit card numbers, and other sensitive data as you type it. It's covered in Unit 4, Topic 4.1.

### Is a keylogger the same as a virus?

No. A virus needs a user to execute or open a file to activate and spread, while a keylogger's defining trait is recording keystrokes. A keylogger can be delivered by a virus or trojan, but on the exam you classify it by what it does (capturing typed data), not how it arrived.

### How is a keylogger different from a RAT?

A keylogger only records what you type. A RAT (Remote Access Trojan) gives an attacker full control of your device, including running commands and accessing files. They often work together, but pick keylogger when the question stresses capturing keystrokes and RAT when it stresses remote control.

### Why doesn't a strong password protect you from a keylogger?

Because the keylogger reads your password while you type it, no matter how complex it is. That's why the standard defenses are multi-factor authentication and updated anti-malware rather than just a longer password.

### Which part of the CIA triad does a keylogger attack?

Mainly confidentiality. The device keeps functioning and the data stays intact and available, but the attacker now knows things they shouldn't, like your login credentials.

## Related Study Guides

- [4.1 Device Vulnerabilities and Attacks](/ap-cybersecurity/unit-4/device-vulnerabilities-and-attacks/study-guide/HACz1L7MBGLXO5AANWlK)

## Structured Data

```json
{"@context":"https://schema.org","@graph":[{"@type":"LearningResource","@id":"https://fiveable.me/ap-cybersecurity/key-terms/keylogger#resource","name":"Keylogger — AP Cybersecurity Definition & Exam Guide","url":"https://fiveable.me/ap-cybersecurity/key-terms/keylogger","learningResourceType":"Concept explainer","educationalLevel":"AP® / High School","about":{"@id":"https://fiveable.me/ap-cybersecurity/key-terms/keylogger#term"},"audience":{"@type":"EducationalAudience","educationalRole":"student"},"dateModified":"2026-06-15T18:59:30.719Z","isPartOf":{"@type":"Collection","name":"AP Cybersecurity Key Terms","url":"https://fiveable.me/ap-cybersecurity/key-terms"},"publisher":{"@type":"Organization","name":"Fiveable","url":"https://fiveable.me"}},{"@type":"DefinedTerm","@id":"https://fiveable.me/ap-cybersecurity/key-terms/keylogger#term","name":"keylogger","description":"A keylogger is a type of malware (or sometimes hardware) that secretly records every keystroke a user types, letting an adversary capture usernames, passwords, and other sensitive data as it's entered.","url":"https://fiveable.me/ap-cybersecurity/key-terms/keylogger","inDefinedTermSet":{"@type":"DefinedTermSet","name":"AP Cybersecurity Key Terms","url":"https://fiveable.me/ap-cybersecurity/key-terms"},"educationalAlignment":[{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 4, Topic 4.1, LO 4.1.A"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 4, Topic 4.1, LO 4.1.B"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 4, Topic 4.1, LO 4.1.C"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 4, Topic 4.1, LO 4.1.D"}]},{"@type":"FAQPage","mainEntity":[{"@type":"Question","name":"What is a keylogger in AP Cybersecurity?","acceptedAnswer":{"@type":"Answer","text":"It's a type of malware (under EK 4.1.B) that secretly records every key you press, letting an adversary capture passwords, credit card numbers, and other sensitive data as you type it. It's covered in Unit 4, Topic 4.1."}},{"@type":"Question","name":"Is a keylogger the same as a virus?","acceptedAnswer":{"@type":"Answer","text":"No. A virus needs a user to execute or open a file to activate and spread, while a keylogger's defining trait is recording keystrokes. A keylogger can be delivered by a virus or trojan, but on the exam you classify it by what it does (capturing typed data), not how it arrived."}},{"@type":"Question","name":"How is a keylogger different from a RAT?","acceptedAnswer":{"@type":"Answer","text":"A keylogger only records what you type. A RAT (Remote Access Trojan) gives an attacker full control of your device, including running commands and accessing files. They often work together, but pick keylogger when the question stresses capturing keystrokes and RAT when it stresses remote control."}},{"@type":"Question","name":"Why doesn't a strong password protect you from a keylogger?","acceptedAnswer":{"@type":"Answer","text":"Because the keylogger reads your password while you type it, no matter how complex it is. That's why the standard defenses are multi-factor authentication and updated anti-malware rather than just a longer password."}},{"@type":"Question","name":"Which part of the CIA triad does a keylogger attack?","acceptedAnswer":{"@type":"Answer","text":"Mainly confidentiality. The device keeps functioning and the data stays intact and available, but the attacker now knows things they shouldn't, like your login credentials."}}]},{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"AP Cybersecurity","item":"https://fiveable.me/ap-cybersecurity"},{"@type":"ListItem","position":2,"name":"Key Terms","item":"https://fiveable.me/ap-cybersecurity/key-terms"},{"@type":"ListItem","position":3,"name":"Unit 4","item":"https://fiveable.me/ap-cybersecurity/unit-4"},{"@type":"ListItem","position":4,"name":"keylogger"}]}]}
```
