We often envision the perpetrators of spyware attacks as remote hackers with anonymous identities, breaking into our networks, accounts, and even devices via digital means. However, in recent years, one of the most common uses of spyware is in cases of domestic abuse. Often, abusive partners will use otherwise “legal” forms of spyware known as stalkerware to stalk their victims and use the sensitive information found on their devices as a means of manipulation.
What Stalkerware is and does
Stalkerware — also known as remote access trojans or “creepware/spouseware” — often requires physical access to a person’s device in order to be installed, but once deployed, it gives the hacker full access to their victim’s device remotely. Since our devices are the portals into almost all aspects of our lives — both digital and physical — compromised devices give hackers all the information they need to track, harass, blackmail, and harm their victims. What’s worse is that the most commonly suggested forms of tighter security, like 2-factor authentication and most antivirus software, won’t prevent or remove remote access.
Similarly, while not specifically stalkerware, the Google Play Store has a small but nevertheless alarming number of surveillance apps masquerading as everything from anti-theft tools to free antivirus apps and mobile VPNs.
Heck, even some governments have been discovered to be seeding app stores with data-collecting software. That number further increases when you factor in the numerous apps that can be downloaded and side-loaded onto Android devices.
Despite this very real threat, stalkerware remains woefully untreated by the majority of the antivirus and antimalware community. In fact, what few apps do identify stalkerware don’t even flag it as a true threat, and thus its rarely removed during routine scans.
Is there a solution?
Things are changing, however. Well-known security firm Kaspersky recently updated its software to more accurately identify and remove stalkerware from devices, thanks largely to the advocacy of Eva Galperin, a white hat hacker and advocate for survivors of domestic abuse and stalkerware attacks. Galperin began her fight against stalkerware by personally helping victims get out of abusive situations and removing surveillance software from their devices, and recently began talking to major security firms about how they can improve their software. You can read more about her campaign in this piece at Wired.
If you suspect your device has been compromised, or you want to take proper preventative measures, we highly recommend installing Kaspersky’s software on your device(s):
Hopefully, more antivirus creators will follow Kaspersky’s lead. In the meantime, here are some other tips for preventing stalkerware and other malware attacks:
Only download apps from officially sources that you trust and recognise
Always read reviews of apps prior to downloading
When in doubt, Google it—if an app is fishy, chances are someone’s called it out somewhere on the internet
Always follow security best practices
As the Wired piece points out, Kaspersky’s software has been tenuously linked to Russian intelligence agencies, with some implying their software may be acting as surveillance tools for the Russian government, but this has never been confirmed and Kaspersky outright denies the connection.