Once installed on any digital device physically, they are able to access all your files, messages, digital activities, cameras, and GPS locations. In short, they have access to your life activities. They can be installed remotely through RAT or remote access tools like phishing emails containing malicious attachments or links, which, when clicked, download the spyware without the user’s knowledge.
“These openly-sold consumer surveillance programs are often used for spying on colleagues, family members or partners, and are in great demand,” said a researcher with a virus detecting company. “For a relatively modest fee, sometimes as little as $7 per month, these apps stay hidden while keeping their operators informed about the device activity, such as its owner’s location, browser history, text messages, social media chats, and more. Some of them can even make video and voice recordings.”
Most such apps that are available on the pay stores have been removed after activists against domestic abuse by the users of such stalkerware lobbied to get them removed. Researchers from cybersecurity firm Avast detected eight such apps on the Google Play Store that allowed people to keep tabs on employees, romantic partners, or kids. Google later took them down.
Android phone users are more vulnerable to such stalkerware as most virus detecting apps that are on the Play Store do not recognize them as such. Well known cybersecurity firms too do not consider them worthy of detecting as malicious. They might recognize the malware but do not flag it or term it as a harmful virus.
Cybersecurity Firms Gear Up to Tackle Stalkerware Menace
Eva Galperin is one of the few dedicated hacktivists to recognize the evil of this stalkerware and started a dedicated campaign to get cybersecurity firms to realize the harm they were doing to especially domestic abuse victims both male and females.
She floated a non-profit Threat Lab of the digital civil liberties group, the Electronic Frontier Foundation, last year.
“Full access to someone’s phone is essentially full access to someone’s mind,” says Galperin. “The people who end up with this software on their phones can become victims of physical abuse, of physical stalking. They get beaten. They can be killed. Their children can be kidnapped. It’s the small end of a very large, terrifying wedge.”
She got in touch with Kaspersky and persuaded them to accept stalkerware as malicious ware and a malware virus. Earlier, most spyware detecting virus companies merely treated such stalkerware as a suspicious activity but not threatening.
Recently, Kaspersky did some research on such spyware and came up with some interesting facts.
The number of people who have discovered such software on their devices has risen by at least 35% in the past year. They detected stalkerware on 37,532 devices.
Malwarebytes, another cybersecurity firm, found 2500 such stalkerware floating around.
Kaspersky’s research says Russia has the highest stalkerware activity. India, Brazil, the United States and Germany complete the top five countries.
Hacktivists Gear Up to Tackle Stalkerware Menace
Most of these stalkerware tools are advertised as”employee monitoring” or “parental control” products. Some even openly call them cheat busters, or tools to catch your cheating partner.
Researchers at Cornell Tech, New York University, and the University of Washington did a study of 70 known Android stalkerware and looked at how they fared under antivirus detecting tools. They found McAfee antivirus did the best job missing 10 percent of the apps; most others missed 25 to 40 percent. ESET missed 85 percent.
Galperin wants Apple to fix any vulnerability in its iPhones that allows jailbreak and installation of stalkerware
She also wants law enforcement agencies to take note of how this stalkerware is misused. According to her, the existing cyberstalking laws like the Wiretap Act, the Computer Fraud and Abuse Act, and state-level two-party-consent recording laws apply to some of these stalkerware companies that openly advertise as spyware to track cheating spouses and partners.
She says, they should take note and prosecute these companies for breach of law.
Her aim is to create awareness about the existence of such stalkerware, getting virus detecting companies to flag and raise the alarm for such viruses, and the users to be more conscious of security features and strong passwords and two-step authentication for every device they use.