With much of the discussion in the cybersecurity sphere focusing on attack campaigns against businesses and how to mitigate them, it’s important not to forget that many types of cyber threats target and cause harm solely to individuals. One worrying threat with an alarming range of possibilities is stalkerware. This post explains what stalkerware is, common features, possible consequences and tips to protect yourself.
Stalkerware is a type of software that people covertly install on a victim’s phone where it lurks in the background collecting data about what the victim does. The typical perpetrators are often close to the victims—the common scenario is an overly suspicious partner or disgruntled and obsessed ex-partner installing stalkerware on the victim’s smartphone. Worldwide detection of users impacted by stalkerware totaled 32,694 individuals in 2021.
This growing threat to individual security and privacy is part of a wider area of technology-facilitated abuse. Developments in technology over the last decade or so, including the proliferation of social media and moving to a mobile-first world, brought about both positive and negative changes. Tech abuse exploits these changes and innovations to harass, monitor or exploit people.
Stalkerware exists in somewhat of a legal and ethical grey area because the apps used for this purpose also have other use cases that aren’t malicious. While there is a hard line that makes it easy to distinguish whether software created expressly for malicious use is bad or good, the same is not true for stalkerware apps.
Parental monitoring out of concern for a child’s well-being or monitoring an elderly relative with dementia are two things that sound useful, ethically sound and legal. The companies creating stalkerware often market their apps as parental monitoring software or even anti-theft solutions, but the reality doesn’t match up with the marketing. Criminals can hijack the apparent legitimacy of these apps for their own nefarious purposes, and most antivirus solutions won’t flag anything because the app is not strictly malware.
Since stalkerware apps often have a legitimate use, it’s been a struggle to get a handle on their more devious undercurrent. Google explicitly took steps to ban stalkerware in 2020 by forbidding any code that collects and/or transmits personal or sensitive user data from a device without adequate notice or consent and doesn’t display a persistent notification of this activity to the user.
Unfortunately, new apps continually emerge to replace banned ones. Furthermore, jailbreaking provides a way to circumvent any bans enforced by mobile operating systems. Jailbreaking enables the perpetrator to install pretty much any app they want on a device. If the victim’s phone is already jailbroken before it gets in their hands, installing stalkerware becomes even easier.
A more primitive stalking attempt inspired by stalkerware exploits the use of popular hardware devices, such as Apple AirTags, to covertly track the location of people. One notable case involved model Brooks Nader noticing an AirTag planted in her belongings on a night out.
It’s important to clarify a small distinction between stalkerware vs. spyware. While both types of software sound similar in how they operate, spyware often gets installed when visiting a website or clicking a link. In other words, spyware doesn’t require the physical access that stalkerware does.
Spyware is used by dedicated cybercriminal gangs and nation states to surveil people, in contrast to the lone-wolf actors that are often behind stalkerware. An infamous example of spyware is Pegasus, which the Israeli cyber-arms company NSO Group developed. The use of Pegasus became a politically-charged topic, with various governments around the world using it to spy on political opposition groups, activists and journalists.
Whether a stalkerware app is marketed as a seemingly legitimate solution or it’s downloaded directly onto a jailbroken device from a dubious source, some common features include:
The likeliest origin of stalkerware being installed on a phone involves people very close to the victim. Since physical access is first required to download the stalkerware app, the perpetrator needs to get ahold of the victim’s phone temporarily for at least a few minutes. The easiest way for this to happen is when two people live under the same roof.
It’s worth bearing in mind though that there are other less common scenarios. For example, an obsessive boss or another high-ranking employee might ask for access to a victim’s smartphone under the guise of checking that it’s in compliance with corporate BYOD policies. The victim then gets unknowingly monitored by someone at their workplace.
Awareness about the threat of stalkerware is a good start. The following tips can help prevent, detect or remove these apps from your device.
The nature of the cyberthreat landscape is that individuals are always exposed to cyberthreats, some of which may target their financial data or personal security, like stalkerware. Many other threats target individuals at the workplace in an attempt to compromise their employers. Often, workplace cyber threats focus on the endpoint devices that employees use for normal work activities.
With the right endpoint detection and response solution, companies can get visibility into threats that evade standard antivirus software and deploy accelerated remediation capabilities for those threats.