Beware of stalkerware

[harlan4096]

Spyware might sound like a concept from a Hollywood movie, yet commercial versions of such programs – known in the cybersecurity industry as ‘stalkerware’ – are a daily reality for many people. For the price of just a few dollars, consumer spyware programs allow users to spy on their current or former partners, and even strangers. This can be done by simply installing an app on the targeted victim’s smartphone or tablet. Once this has happened, the stalker is granted access to a range of personal data: from the victim’s location and SMS, to social media messages and live feeds from their device camera or microphone.

From observing stalkerware program functionality, it can be seen that there are very few differences between commercial spyware (detected and defined by most security software as ‘not-a-virus’) and classic spying malware.

For example, a consumer surveillance program works like this:

* The command and control server (C2) is provided by the service owners

* It is easy to buy and deploy than spying malware. There is no need to use shady hacking forums and have programming skills – in almost all cases it requires a simple manual installation

Stalkerware programs have been exposed and publicly criticized multiple times, yet in most countries their status remains vague, while some brands market their programs as child-tracking software. However these programs should not be confused with legal parental control software and ‘find my phone’ apps, despite an overlap in functionality. Firstly, they are distributed through dedicated landing pages – a direct violation of Google Play safety recommendations. Secondly, these apps have functionality that allows them to invade the privacy of an individual without their consent or knowledge: the application icon can be hidden from the applications menu, while the app continues to run in the background, and some functions of the app fulfil surveillance tasks (such as recording the victim’s voice). Some even delete traces of their presence from the phone, along with any installed security solutions once the attacker manually grants the application with root-access.

We detect such programs as ‘not-a-virus:Monitor’ and have been keeping a close eye on them. Two years ago, we published our first overview and continued to monitor such threats. We have now decided to conduct further research to check how stalkerware is being used and determine the most prominent features of the latest consumer surveillance programs.

Continue Reading