Stalkerware

Stalkerware is monitoring software or spyware that is used for cyberstalking. [1] [2] The term was coined when people started to widely use commercial spyware or monitoring software to spy on their spouses or intimate partners. Stalkerware has been criticized because of its use by abusers, stalkers, and employers. [3] [4]

Definition and uses

Many information security experts and journalists apply the term stalkerware to any software (both malicious programs and legitimate commercial monitoring products) that is used, or could potentially be used, for stalking. [5] [6] [7] The following features of stalkerware are distinguished:

History

According to a 2014 survey by NPR, 75% of domestic abuse shelters surveyed reported that they were working with individuals who had been tracked by their abusers via stalkerware. [9] The rising popularity of stalkerware led to an arms race between apps which helped users protect their privacy, and apps designed to circumvent those safeguards. [10]

Throughout its history, companies which develop stalkerware have been subject to numerous hacks and data breaches, many by hacktivists in protest of stalkerware's unethical applications. [11] Companies including mSpy, [12] Flexispy, [13] and KidGuard have been targets of breaches. [14]

In 2018, computer security specialist and activist Eva Galperin created a project to eradicate stalkerware. [15] Galperin has advocated for stalkerware to be seen as malware, and for phone and software companies to take steps to safeguard against the use of such programs. [7]

In 2020, Kaspersky Lab released a report on the state of stalkerware. Among its findings were that the United States, Russia and Brazil were the three countries most affected. [11]

Reception

Stalkerware has been criticized for its use by abusers to control and monitor their victims. The European Institute for Gender Equality released a report on stalkerware and cyberstalking's connection to domestic violence. [16] [17] Guides on how to detect and disable stalkerware have been published by sites including Mashable, [18] Wired, [19] and CNET. [20]

The news organization Vice publishes "When Spies Come Home", an investigative series about the use of stalkerware, and various controversies surrounding the industry. [21]

Legality

Related Research Articles

Spyware is any malware that aims to gather information about a person or organization and send it to another entity in a way that harms the user by violating their privacy, endangering their device's security, or other means. This behavior may be present in other malware and in legitimate software. Websites may engage in spyware behaviors like web tracking. Hardware devices may also be affected.

Mobile malware is malicious software that targets mobile phones or wireless-enabled personal digital assistants (PDAs), causing the collapse of the system and the loss or leakage of confidential information. As wireless phones and PDA networks have become more common and have grown in complexity, it has become increasingly difficult to ensure their safety and security against electronic attacks in the form of viruses or other malware.

Browser hijacking is a form of unwanted software that modifies a web browser's settings without a user's permission, to inject unwanted advertising into the user's browser. A browser hijacker may replace the existing home page, error page, or search engine with its own. These are generally used to force hits to a particular website, increasing its advertising revenue.

Internet safety, also known as online safety, cyber safety and electronic safety (e-safety), refers to the policies, practices and processes that reduce the harms to people that are enabled by the (mis)use of information technology.

Cyberstalking is the use of the Internet or other electronic means to stalk or harass an individual, group, or organization. It may include false accusations, defamation, slander and libel. It may also include monitoring, identity theft, threats, vandalism, solicitation for sex, doxing, or blackmail. These unwanted behaviors are perpetrated online and intrude into an individual's digital life, and they negatively impact a victim's mental and emotional well-being as well as their sense of safety and security online.

Kaspersky Lab: Russian multinational cybersecurity and anti-virus provider

Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky and Alexey De-Monderik. Kaspersky Lab develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services.

Cyber spying, cyber espionage, or cyber-collection is the act or practice of obtaining secrets and information without the permission and knowledge of the holder of the information, using methods on the Internet, networks or individual computers through the use of proxy servers, cracking techniques and malicious software including Trojan horses and spyware. Cyber espionage can be used to target various actors (individuals, competitors, rivals, groups, governments, and others) in order to obtain personal, economic, political or military advantages. It may be perpetrated wholly online from the computer desks of professionals on bases in faraway countries, may involve infiltration at home by computer-trained conventional spies and moles, or in other cases may be the criminal handiwork of amateur malicious hackers and software programmers.

FinFisher: Surveillance software

FinFisher, also known as FinSpy, is surveillance software marketed by Lench IT Solutions plc, which markets the spyware through law enforcement channels.

Retina-X Studios is a software company that develops computer and cell phone monitoring applications, focused on computers, smartphones, tablets and networks. The company was founded in 1997 and is based in Jacksonville, Florida, United States.

Morgan Marquis-Boire: New Zealand hacker, journalist, and security researcher

Morgan Marquis-Boire is a New Zealand-born hacker, journalist, and security researcher. Marquis-Boire previously served as an advisor to the Freedom of the Press Foundation. He was a Special Advisor to the Electronic Frontier Foundation (EFF) and advisor to the United Nations Interregional Crime and Justice Research Institute. He was the Director of Security at First Look Media and a contributing writer at The Intercept. He has been profiled by Wired, CNN, Süddeutsche Zeitung, and Tages Anzeiger. He was one of Wired Italy's Top 50 people of 2014. In March 2015 he was named a Young Global Leader.

mSpy: Computer monitoring software

mSpy is a brand of mobile and computer parental control monitoring software for iOS, Android, Windows, and macOS. The app allows users to monitor and log activity on the client device. It is owned by the Ukrainian IT company Brainstack.

DarkHotel is a targeted spear-phishing spyware and malware-spreading campaign that appears to be selectively attacking business hotel visitors through the hotel's in-house WiFi network. It is characterized by Kaspersky Lab as an advanced persistent threat.

NSO Group: Israeli cyber-espionage and malware firm

NSO Group Technologies is an Israeli cyber-intelligence firm primarily known for its proprietary spyware Pegasus, which is capable of remote zero-click surveillance of smartphones. It employed almost 500 people as of 2017.

Pegasus is a spyware developed by the Israeli cyber-arms company NSO Group that is designed to be covertly and remotely installed on mobile phones running iOS and Android. While NSO Group markets Pegasus as a product for fighting crime and terrorism, governments around the world have routinely used the spyware to surveil journalists, lawyers, political dissidents, and human rights activists. The sale of Pegasus licenses to foreign governments must be approved by the Israeli Ministry of Defense.

Eva Galperin: American cybersecurity, privacy and anti-stalkerware activist

Eva Galperin is the Director of Cybersecurity at the Electronic Frontier Foundation (EFF) and technical advisor for the Freedom of the Press Foundation. She is noted for her extensive work in protecting global privacy and free speech and for her research on malware and nation-state spyware.

KidGuard: Computer surveillance

KidGuard is a parental monitoring application for iOS and Android mobile phones. The application uses proprietary software to help parents monitor their children’s text messages, browser history, social media activity, stored videos or photos, emails, and phone GPS location.

On October 30, 2019, WhatsApp's parent company Facebook, Inc. confirmed that Pegasus, a sophisticated snooping software developed by Israel's NSO Group, was used to target Indian journalists, activists, lawyers and senior government officials. The journalists and activists are believed to have been targets of surveillance for a two-week period until May, when the Indian national election was held.

Candiru is a private Tel Aviv-based company founded in 2014 which provides spyware and cyber-espionage services to government clients. Its management and investors overlap significantly with those of NSO Group. Its operations began being uncovered in 2019 by researchers at Citizen Lab, Kaspersky, and ESET. Microsoft refers to the company's cyber-espionage operations as "Caramel Tsunami/SOURGUM" while Kaspersky refers to it as "SandCat".

Certo Software: Cybersecurity technology company

Certo Software Ltd is a British multinational cybersecurity technology company headquartered in Basingstoke, England. The company specializes in consumer mobile security and privacy solutions.

Operation Triangulation is a targeted cyberattack on iOS devices conducted using a chain of four zero-day vulnerabilities. It was first disclosed in June 2023 and is notable for its unprecedented technical complexity among iOS attacks. The number of victims is estimated to be in the thousands.

References

  1. Hernández, Luciano (2021-01-27). "What is stalkerware? Scary apps made for tracking". F-Secure Blog. Archived from the original on 2022-03-30. Retrieved 2022-03-30.
  2. Salvo, Philip Di; Porlezza, Colin (2020-11-18). "Hybrid professionalism in journalism: Opportunities and risks of hacker sources" (PDF). Studies in Communication Sciences. 20 (2): 243–254. doi:10.24434/j.scoms.2020.02.007. ISSN 2296-4150. S2CID 229478010.
  3. Leonid Grustniy (3 April 2019). "What makes the legal spying software — stalkerware — dangerous?". Kaspersky.
  4. Cox, Joseph; Franceschi-Bicchierai, Lorenzo (2017-04-19). "'I'm Going to Burn Them to the Ground': Hackers Explain Why They Hit the Stalkerware Market". Vice. Retrieved 2019-10-08.
  5. Harding, Xavier (18 July 2019). "These 7 Apps are Android Stalkerware, Delete Them Now". Fortune.
  6. Jee, Charlotte (10 July 2019). "How "stalkerware" apps are letting abusive partners spy on their victims". MIT Technology Review.
  7. Andy Greenberg (4 March 2019). "Hacker Eva Galperin Has a Plan to Eradicate Stalkerware". Wired. ISSN 1059-1028.
  8. "Using 'stalkerware' to spy on a colleague's phone". BBC News. 25 October 2019.
  9. "Smartphones Are Used To Stalk, Control Domestic Abuse Victims". NPR.org. Retrieved 2021-06-17.
  10. Cottle, Michelle (2014-10-15). "The Adultery Arms Race". The Atlantic. Retrieved 2021-06-17.
  11. "The state of stalkerware in 2020". securelist.com. 26 February 2021. Retrieved 2021-06-17.
  12. "Another mSpy leak exposed millions of sensitive user records". SearchSecurity. Retrieved 2021-06-17.
  13. "Stalkerware Company FlexiSpy Calls Catastrophic Hack 'Just Some False News'". www.vice.com. 19 April 2017. Retrieved 2021-06-17.
  14. "A 'stalkerware' app leaked phone data from thousands of victims". TechCrunch. 20 February 2020. Retrieved 2021-06-17.
  15. Doctorow, Cory (2019-04-03). "How EFF's Eva Galperin plans to destroy the stalkerware industry". Boing Boing. Retrieved 2021-06-17.
  16. "Cyber violence is a growing threat, especially for women and girls". European Institute for Gender Equality. Retrieved 2021-06-17.
  17. "Stalkerware is Gaining Ground – Don't Be a Victim". HideMyTraffic.com. 9 May 2023. Retrieved 2023-07-09.
  18. Morse, Jack. "How to find stalkerware on your smartphone". Mashable. Retrieved 2021-06-17.
  19. "How to Check Your Devices for Stalkerware". Wired. ISSN 1059-1028. Retrieved 2021-06-17.
  20. Hautala, Laura. "'I thought I was going nuts': What to do if you think stalkerware's on your phone". CNET. Retrieved 2021-06-17.
  21. "When Spies Come Home". www.vice.com. Retrieved 2021-06-17.