WeLiveSecurity takes a look at what you need to know about spyware – the malware secretly prying on your online activities.
Spyware is defined as a “generic term for a range of surreptitious malware such as keyloggers, remote access trojans, and backdoor trojans, especially those that allow remote surveillance of passwords and other sensitive data”.
The term can also refer to “more aggressive adware”, which collects user information such as visited websites, installed applications, and other personal data.
Spyware today is a big problem for enterprises and consumers alike, especially given the recently reported variants infecting Android, Apple and Windows devices.
How does spyware work?
Like most malware, spyware finds its way onto your device without your knowledge or permission.
Spyware often looks to exploit software or web browser vulnerabilities. It does not spread like a virus or worm – instead, a “dropper” tries to convince the user to download (an actually bogus version of) some legitimate or otherwise “interesting” software, or to click on a link. If the user is successfully fooled, the dropper then downloads and installs the spyware and thereby converts the user into a victim.
Other ways in which spyware can infest your machine include drive-by-download (whereby spyware loads when you visit a page), phishing links and even ‘anti-spyware’ tools. It can also be downloaded through physical devices, like USB keys.
What types of spyware are there?
It’s arguable that the word ‘spyware’ was first used in 1995, in a Usenet post; today, it generally is used to refer to four types of unwanted code: adware, system monitors, tracking cookies, and trojans.
Perhaps keyloggers are the software category most commonly associated with spyware; other examples include digital rights management capabilities that “phone home” back to a command and control (C&C) server, rootkits, and web beacons.
How can I detect if someone is spying on me?
Anti-spyware and malware solutions can help to scan your machine, while users should also look out for common symptoms like computer slowdown, crashes and mass pop-ups, as well as suspicious hard drive activity and running out of HD space.
How to avoid infection?
We’ve long been warned about the dangers of third-party app stores – and for good reason. Often these stores host counterfeit or even “genuine but repackaged” – and malware-infected – applications. These can seek to spy on your activities or steal confidential personal information.
As one recent example, a Netflix scam saw people infected with the SpyNote RAT posing as a genuine Netflix app and subsequently spying on user activity. As a general rule of thumb, avoid any stores outside of the usual App Store, Google Play or Windows Store mix.
Do spyware authors target Android and iOS?
Spyware has often been found on Android and iOS apps, and it is particularly successful on Google’s Android operating system.
In September, Google removed four apps from Google Play after they were found with the ‘Overseer’ spyware. Meanwhile, more recently, the Pegasus iOS spyware allowed adversaries to silently jailbreak Apple devices, spy on victims and collect voice, camera, email, messaging, GPS and contact data.
These infected apps often look to steal contact and personal information, SMS messages, track devices and phone calls, capture keyboard outputs or perform DoS attacks. They could also force your device into botnet.
Are governments engaged in or advocating the use of spyware?
Some countries have sought to use spyware to spy on dissidents, journalists and other citizens.
Hacking Team was a classic example of selling spyware tools to nefarious actors, while FinFisher (AKA FinSpy) was a high-end surveillance suite sold to law enforcement and intelligence agencies. Ironically, FinFisher later suffered a mega data breach of its own, an embarrassment for any company in the field of information security.
How do I remove spyware?
Removing spyware may sound complex, but, if done correctly, it can be fairly simple. The process will differ per device, but downloading spyware-blocker software, running security scans and removing temporary files is a good start.
Mobile users may also need to update software, remove applications or perform a factory reset.
Which browsers are the worst for spyware?
This is difficult to say. Owing largely to the numerous security issues it has suffered through the years, Microsoft’s Internet Explorer browser has been particularly susceptible to spyware attacks, but it is no more vulnerable or secure than other browsers are.
In summary: Be security-conscious
Spyware is widely spread across the web, and is ever present on today’s mobile and desktop devices. You should be security-conscious at all times and avoid clicking suspicious links or downloading unknown software. It’s also advisable to use security software to keep yourself constantly protected.