Software keyloggers have been used to spy on computer users to track activity or gather sensitive information for decades. Their primary focus has been to capture keystroke data from physical keyboards. However, since the release of Microsoft Windows 8 in 2012 touchscreen personal computers have become much more prevalent, introducing the use of on-screen keyboards which afford users an alternative keystroke input method. Smart cities are designed to enhance and improve the quality of life of city populations while reducing cost and resource consumption. As new technology is developed to create safe, renewable, and sustainable environments, we introduce additional risk that mission critical data and access credentials may be stolen via malicious keyloggers. In turn, cyber-attacks targeting critical infrastructure using this data could result in widespread catastrophic systems failure. In order to protect society in the age of smart-cities it is vital that security implications are considered as this technology is implemented. In this paper we investigate the capabilities of keyloggers to capture keystrokes from an on-screen (virtual) keyboard and demonstrate that different keyloggers respond very differently to on-screen keyboard input. We suggest a number of future studies that could be performed to further understand the security implications presented by on-screen keyboards to smart cities as they relate to keyloggers.