Cyberattacks 101: Stalkerware as Malware
April 07, 2021 by Loren Lachapelle
Cyberattacks using new malware are on the rise. Cybercriminals continue to expand and improve attack methods, uncover new vulnerabilities, and develop fresh exploits. Unfortunately, these evolving techniques work because they often get through traditional defenses undetected. With proper knowledge, awareness, and cautious browsing, though, you can help defend against these attacks and keep data more secure.
Recently we’ve seen an increase in stalkerware. Let’s take a deeper dive into the basics of this type of malware.
What is stalkerware?
Stalkerware is monitoring software used for spying on a known person. This malware monitors the victim without their knowledge and can be installed on smartphones, tablets, computers, or any other connected device.
It can track where the victim goes by monitoring the device’s GPS functions and can also watch apps installed on smartphones to access personal data like banking information and credit card accounts. Additionally, stalkerware can view and share the victim’s text messages or spy on and share information on their social media accounts. When it’s installed on a device, anything the person is using their device for is potentially being shared with the stalker.
Stalkerware is similar to spyware because they are both designed to acquire information about the victim, but the two have different methodologies and goals. With spyware, the victim typically accidentally or inadvertently downloads the malware. There might be a Trojan hidden in another application, or maybe they visited a site and encountered a drive-by download. In this case, the victim and the hacker likely don’t have a personal connection. In contrast, stalkerware is typically installed by someone who knows you and has some motivation for tracking your actions or accessing your accounts.
Another key distinction with stalkerware is it’s legal to purchase and has some legitimate uses. For example, if an organization issues a laptop or smartphone to an employee, they could install monitoring tools to ensure that the device is only being used for work purposes. The key to using it legally is using persistent notifications. You need to notify users that the monitoring tools are in place and state what the software can and can’t do.
Stalkerware can also be abused or misused. Many applications that have options to turn on those same notification settings will also have the option to turn them off. If the victim doesn’t see the notifications, it could mean they’re being monitored without their knowledge, and it can turn into a tricky situation fast. Because there can be lots of gray area with the legality of it, the FTC has banned some apps, such as Mobile Spy, Phone Sheriff, and Teen Shield, because users were not being notified.
Although the technology itself (and owning it) may be legal, it’s often used in illegal ways when the victim is unaware or didn’t give consent to content-sharing and monitoring from their device.
How can you tell if stalkerware is on your device?
There are a few red flags to let you know if stalkerware is potentially installed on your device. We’ll cover them below.
- The performance of your device suddenly and unexpectedly declines. If your device is suddenly taking much longer to load a website or video, or messages aren’t coming in at the same speed as they used to, that could mean another app with stalkerware is running in the background and decreasing your performance.
- The device settings have changed without your consent or knowledge. If apps are moving around, or things just don’t look like they used to, it could be benign, but it could also be a potential sign stalkerware is installed ... and something serious is going on.
- Strange messages or pop-ups are appearing on the device. This could be true for any type of malware once it’s installed to the device. It might try to get you to install more apps, so these strange messages and pop-ups could be a sign of stalkerware on the device.
- You see new apps on the device that you don’t recall installing. If you’re confident these mysterious apps weren’t there before, it’s a red flag that something has been installed without your knowledge, which can include stalkerware.
How can you defend against stalkerware?
If you think stalkerware has been installed and is being used maliciously on your device, there are probably underlying issues that need to be resolved. Since stalkerware malware is typically installed by someone close to you – someone with access to your devices – it’s important to know that you may need to take steps outside of the technical actions mentioned here.
Some technical steps you can take to defend against stalkerware include:
- Ensure you secure your device so only you have access to it. If you are the only one who holds your phone, or the only one who knows the password to your laptop, it’s going to make it difficult for others to install this software. Preventing outside access is a great first step.
- Install and update antivirus protection. Antivirus software can be an effective way to identify and disable known malicious activity. Having antivirus software installed will add another layer of protection for your laptop and desktop devices.
- Remove any suspicious apps. If you see suspicious apps or messages popping up from a strange source, simply remove them from your device.
- Report the malicious software. Always report any malicious software to legal authorities, and if it’s on your work device, report it to your IT or security team as soon as possible. They may have additional ways to check if the app was successfully removed or have further options for mitigation.
By knowing what stalkerware is, how it works, and how to detect it, you’ll be able to defend against it if you ever encounter it on your device.