Stalkerware Could Be Spying On You

Stalkerware is a category of invasive applications running on computers and smartphones that send data from your device to another person (usually a hacker but often a significant other). Programs can be purchased online that enable unauthorized hackers to everything on your computer.  Think photos, text messages emails, individual keystrokes, apps you’re running, and even activation of your webcam without your knowledge.

Stalkerware is similar to spyware in the way that you are being watched without your consent, stealing your information to use against you or others.

How Does It Work?

When Stalkerware was just starting out it let users secretly intercept their partners’ emails, turn on their webcams and read chat conversations. The software came in an email, which told its targets to open an attached e-card. Now, hackers have designed this to work on phones, laptops, tablets and a host of other mobile devices too.

Although it’s illegal to sell apps that exist to secretly spy on adults, the laws governing these sales are narrowly tailored and let many app makers operate legally. It doesn’t help that law enforcement agencies struggle to effectively investigate when victims bring their devices in with concerns over Stalkerware due to lack of forensics training, tools, time, and resources.

The software has been used in the past for horrible reasons.  It has been linked to domestic violence and tragedy since its inception. Back in 2014, a Minnesota woman was stalked by her boyfriend which resulted in being held captive and assaulted for hours by the perpetrator. The attacker tracked her movements and listened to her through a microphone using Stalkerware. Being tracked with GPS is something that is hard to defend against and can be quite frightening to someone with a domestic violence past. Location tracking presents the most immediate danger to survivors of domestic violence.  Privacy violation of Stalkerware is also a major burden for targets, said Erica Olsen, who directs the safety net program at the National Network to End Domestic Violence. “There’s essentially nothing you can do with or around your device that doesn’t have the potential to be seen by somebody else,” she said.

Have They Been Able to Stop Stalkerware?

There hasn’t been much progress in the fight against Stalkerware. There have been Antivirus companies that have been trying to identify Stalkerware apps on phones and give users specific warnings of the software tracking them. Many Antivirus companies have joined a Coalition Against Stalkerware. This is a group of domestic violence advocacy organizations and cybersecurity companies that aims to raise awareness of the problem and create best practices for identifying Stalkerware and warning targets.

Lawmakers and legal experts have been calling for change in the laws to improve privacy, but it’s very challenging to stop the sale of the apps and catch the people who use them to secretly track targets. It’s often hard to detect Stalkerware on your devices.  The best thing you can do is defend against attacks like these.

What Can Be Done to Prevent Stalkerware?

Becoming 100% immune to Stalkerware is unrealistic, but cybersecurity experts recommend minimizing the risk wherever you can. Below are what CyberHoot recommends you do to defend against Stalkerware or other malware that can infect your devices or network:

  1. Protect your mobile devices and critical accounts with a unique password 14+ character password and Two-Factor Authentication.
  2. Adopt a Password Manager (LastPass, 1Password, or DashLane) which are free for personal use. These allow you to keep unique, long, and strong passwords on all your online accounts making it harder for someone to guess your password and implant Stalkerware on your device(s).
  3. Use a strong passphrase and two-factor authentication to unlock your Master Password on your chosen Password Manager.
  4. Do not leave your smart phone or mobile devices lying around unlocked.  Ensure they are secured all of the time physically.
  5. Check apps installed on your device at regular intervals and delete those you do not need, and update that ones that you do need. Pay special attention to those apps that have suspicious permissions (access to GPS tracking, text monitoring, calls recording, etc.)
  6. Use reliable security protection and regularly do malware and antivirus scans. Smart Phones can now load antivirus/anti-malware to protect against some of these Stalkerware products.
  7. Ensure devices are always kept up to date.

Sources: CNET,The Dataist, Malwarebytes, StopStalkerware

Additional Reading:

Stalkerware Detection Rates Improving Across Antivirus Products

Stalkerware Sees All, US Laws Haven’t Stopped Its Spread

For more information on Stalkerware, watch this 4 minute video:

Are you doing enough to protect your business?

Sign up with CyberHoot today and sleep better knowing your

employees are cyber trained and on guard!

Share this on your social networks. Help Friends, Family, and Colleagues become more aware and secure.