Systems and methods are described for providing ways to protect client devices in communication with virtual desktops and virtual applications from keylogging attacks. A keyboard filter driver obfuscates scancodes from key presses produced on the keyboard of the client device so that malicious keylogging or keyboard hooking software is not able to observe user inputs. The obfuscated scancodes are conveyed and de-obfuscated before being applied in the virtual desktop or virtual application.