I thought that Linux in general was an inherently secure operating system (like many other people) but I was shocked to find out that it is not.
Here is a demonstration of a simple key-logger that runs without sudo privileges using the X window process:
xinput --list # shows the list of input device IDs including the physical and virtual keyboards
Using the information from the previous command (for this example, assume the ID of your physical keyboard is 9), the following command sets up a simple keylogger that displays the character and ASCII number of each keydown or keyup (i.e. “press” and “release”).
xinput test 9
This does not require root or sudo privileges. If we redirect this output to a hidden file we have a record of all the keystrokes.
Presumably one goal of an attacker is escalation of privileges from common user to root. This can be accomplished in similar fashion by creating a script that mimics sudo, copies the sudo password to a hidden file, then executes the sudo command so that the user does not even realize that the password has been compromised. Once that happens the sudo (root privilege) password is exported or extracted from the hidden file.
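A defensive check for the fake-sudo technique described above, as an added example that is not part of the original post: it walks a PATH string in order and flags any executable named sudo that is not both root-owned and setuid. The function name audit_sudo_path and the "genuine sudo is root-owned and setuid" heuristic are assumptions of this example, and it relies on the GNU or BusyBox form of stat.

```shell
#!/bin/sh
# Added example: audit which "sudo" a given PATH would resolve to.
# Heuristic (assumption): a genuine sudo binary is owned by uid 0 and has the
# setuid bit set; a wrapper script placed in a user-writable directory is not.

# audit_sudo_path PATHSTRING
# Prints one line per PATH entry holding an executable file named "sudo":
#   OK <path>        owned by root and setuid
#   SUSPECT <path>   anything else
# Return code describes the FIRST match, the one the shell would actually run:
#   0 = OK, 1 = SUSPECT, 2 = no sudo found in any entry.
audit_sudo_path() {
    path_string=$1
    first_verdict=""
    old_ifs=$IFS
    IFS=:
    set -f                                  # no globbing while splitting PATH
    for dir in $path_string; do
        [ -n "$dir" ] || dir=.              # empty PATH entry = current directory
        candidate=$dir/sudo
        [ -f "$candidate" ] && [ -x "$candidate" ] || continue
        # -L follows symlinks so a link to a fake binary is judged by its target
        owner=$(stat -L -c %u "$candidate" 2>/dev/null) || owner=unknown
        if [ "$owner" = "0" ] && [ -u "$candidate" ]; then
            verdict=OK
        else
            verdict=SUSPECT
        fi
        printf '%s %s\n' "$verdict" "$candidate"
        [ -n "$first_verdict" ] || first_verdict=$verdict
    done
    set +f
    IFS=$old_ifs
    case $first_verdict in
        OK)      return 0 ;;
        SUSPECT) return 1 ;;
        *)       return 2 ;;
    esac
}
```

Call audit_sudo_path "$PATH" from the user's own login shell. A file in PATH is only one way to shadow a command, so also run `type sudo` there to see whether an alias or shell function answers first.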
Here is a great article on Linux key-loggers:
https://www.hackingloops.com/linux-keylogger/
If this is a concern to you, read this article on Linux vulnerabilities. Windows and other operating systems have vulnerabilities too, but it seems that Linux distributions are often slower to fix them.
https://madaidans-insecurities.github.io/linux.html
One key takeaway that I learned is that it may be better to implement the Linux “rolling” releases than the “stable” ones because the known vulnerabilities in the stable release are only fixed when a CVE (a list of known “Common Vulnerabilities and Exposures”) is issued and sometimes those are not issued as often as they should be. At least with a rolling release the OS will have the latest available security releases up to that date.