where some user input is recorded and can be sent back to the attacker who placed the keylogger there. Can be software- or hardware-based.
IoCs
- suspicious file hashes and signatures
- data exfiltration behaviour
- Command and Control (C&C) traffic
- malicious running processes
- known reference URLs