Sage Advice - Cybersecurity Blog

Cyberattacks 101: Stalkerware as Malware

Cyberattacks using new malware are on the rise. Cybercriminals continue to expand and improve attack methods, uncover new vulnerabilities, and develop fresh exploits. Unfortunately, these evolving techniques work because they often get through traditional defenses undetected. With proper knowledge, awareness, and cautious browsing, though, you can help defend against these attacks and keep data more secure.

Recently we’ve seen an increase in stalkerware. Let’s take a deeper dive into the basics of this type of malware.

What is stalkerware?

Stalkerware is monitoring software that is used for spying on a known person. This malware monitors the victim without their knowledge, and can be installed on smartphones, tablets, computers, or any other connected device.

It can track where the victim goes by monitoring the device’s GPS functions, and can also watch apps installed on smartphones to access personal data like banking information and credit card accounts. Additionally, stalkerware can view and share the victim’s text messages or spy on and share information on their social media accounts. When it’s installed on a device, anything that the person is using their device for is potentially being shared with the stalker.

Stalkerware is similar to spyware because they are both designed to acquire information about the victim, but the two have different methodologies and goals. With spyware, the victim typically accidentally or inadvertently downloads the malware. There might be a Trojan hidden in another application, or maybe they visited a site and encountered a drive-by download. In this case, the victim and the hacker likely don’t have a personal connection. In contrast, stalkerware is typically installed by someone who knows you and has some motivation for tracking your actions or accessing your accounts.

Another key distinction with stalkerware is that it’s legal to purchase and has some legitimate uses. For example, if an organization issues a laptop or smartphone to an employee, they could install monitoring tools to ensure that the device is only being used for work purposes. The key to using it legally is using persistent notifications. You need to notify users that the monitoring tools are in place and state what the software can and can’t do.

Stalkerware can also be abused or misused. A lot of the applications that have options to turn on those same notification settings will also have the option to turn them off. If the victim doesn’t see the notifications, it could mean that they’re being monitored without their knowledge, and it can turn into a tricky situation fast. Because there can be a lot of gray area with the legality of it, the FTC has banned some apps, such as Mobile Spy, Phone Sheriff, and Teen Shield, because users were not being notified.

Although the technology itself (and owning it) may be legal, it’s often used in illegal ways when the victim is unaware or didn’t give consent to content sharing and monitoring from their device.

How can you tell if stalkerware is on your device?

There are a few red flags that can help you know if stalkerware is installed on your device. We’ll cover them below.

  1. The performance of your device suddenly and unexpectedly declines. If your device is suddenly taking much longer to load a website or video, or messages aren’t coming in at the same speed as they used to, that could mean that another app with stalkerware is running in the background and decreasing your performance.
  2. The device settings have changed without your consent or knowledge. If apps are moving around, or things just don’t look like they used to, it could be benign, but it could also be a potential sign that stalkerware is installed and something serious is going on.
  3. Strange messages or pop-ups are appearing on the device. This could be true for any type of malware once it’s installed to the device. It might try to get you to install more apps, so these strange messages and pop-ups could be a sign of stalkerware on the device.
  4. You see new apps on the device that you don’t recall installing. If you’re confident that these mysterious apps weren’t there before, it’s a red flag that something has been installed without your knowledge, which could include stalkerware.
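The fourth red flag can be checked systematically instead of by memory. The following is an added example, not part of the original article: it compares an Android app inventory against a baseline of apps the owner recognizes and ranks the unrecognized ones by the monitoring capabilities described earlier (GPS, text messages, activity in other apps). The package names, the inventory format, and the baseline are constructed assumptions; the permission names and the Google Play installer package are real Android identifiers.

```python
from dataclasses import dataclass

# Real Android permission names mapped to capabilities the article lists.
LOC = "android.permission.ACCESS_FINE_LOCATION"
SMS = "android.permission.READ_SMS"
USAGE = "android.permission.PACKAGE_USAGE_STATS"
MONITORING_PERMS = {LOC: "GPS location", SMS: "text messages",
                    USAGE: "activity in other apps"}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; adjust as needed


@dataclass(frozen=True)
class App:
    package: str
    installer: str            # "" when the install source is unknown
    permissions: frozenset
    has_launcher_icon: bool


def review(installed, baseline):
    """Return (package, reasons) for apps that are absent from the baseline
    and hold at least one monitoring permission, most reasons first."""
    findings = []
    for app in installed:
        if app.package in baseline:
            continue  # the owner recognizes this app
        caps = sorted(MONITORING_PERMS[p] for p in app.permissions
                      if p in MONITORING_PERMS)
        if not caps:
            continue  # unrecognized, but it cannot monitor the device
        reasons = ["can access " + c for c in caps]
        if app.installer not in TRUSTED_INSTALLERS:
            reasons.append("not installed from a trusted store")
        if not app.has_launcher_icon:
            reasons.append("no launcher icon")  # heuristic, an assumption
        findings.append((app.package, reasons))
    return sorted(findings, key=lambda f: (-len(f[1]), f[0]))


# Constructed sample data; every package name below is hypothetical.
PLAY = "com.android.vending"
BASELINE = {"com.example.maps", "com.example.bank"}
INSTALLED = [
    App("com.example.maps", PLAY, frozenset({LOC}), True),
    App("com.example.bank", PLAY, frozenset(), True),
    App("com.example.flashlight", PLAY,
        frozenset({"android.permission.CAMERA"}), True),
    App("com.example.weather", PLAY, frozenset({LOC}), True),
    App("com.example.syncservice", "", frozenset({LOC, SMS, USAGE}), False),
]

if __name__ == "__main__":
    for pkg, reasons in review(INSTALLED, BASELINE):
        print(pkg, "->", "; ".join(reasons))
```

A finding is a prompt to look closer, not proof: a legitimately installed weather app shows up with one reason, while the sideloaded, icon-less package with location, SMS, and usage access ranks first.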

How can you defend against stalkerware?

If you think that stalkerware has been installed and is being used maliciously on your device, there are probably underlying issues that need to be resolved. Since stalkerware malware is typically installed by someone close to you – someone with access to your devices – it’s important to know that you may need to take steps outside of the technical actions mentioned here.

Some technical steps you can take to defend against stalkerware include:

  1. Ensure that you secure your device so that only you have access to it. If you are the only one who holds your phone, or the only one who knows the password to your laptop, it’s going to make it difficult for others to install this software. Preventing outside access is a great first step!
  2. Install and update antivirus protection. Antivirus software can be an effective way to identify and disable known malicious activity. Having antivirus software installed will add another layer of protection for your laptop and desktop devices.
  3. Remove any suspicious apps. If you see suspicious apps or messages popping up from a strange source, simply remove them from your device.
  4. Report the malicious software. Always report any malicious software to legal authorities, and if it’s on your work device, report it to your IT or security team as soon as possible. They may have additional ways to check that the app was successfully removed or have further options for mitigation.

By knowing what stalkerware is, how it works, and how to detect it, you’ll be able to defend against it if you ever encounter it on your device.

The Tyler Cybersecurity Lifecycle

Cybersecurity isn’t a destination.


There is no single, straight path that will get you to the point where you can say, “We did it! We’re 100% cyber-secure.”

A more realistic destination is cyber resiliency – the ability to prepare for and adapt to changing conditions, so you can withstand and recover rapidly from disruptions. Achieving cyber resilience depends on what we like to call the cybersecurity lifecycle – an ongoing cycle of interconnected elements that complement and reinforce one another.
