One of the most important features is the ability to log keystrokes to a file, then send that file to the hacker. The resulting file will be hard to read, but it could allow the hacker to reconstruct logon names and passwords, as well as discover any text the user has created. The interesting part for the hacker is that it doesn't matter how many encryption/authentication countermeasures the victim employs: if the hacker can read the raw keystrokes, then the hacker can determine all of the information the victim has created at the keyboard.
In many cases, the hacker can also inject keystrokes. If the victim walks away from his/her machine, the hacker might inject some text into the document the victim was working on.
