As Director of Protection Labs & QA, Alexander Vukcevic is responsible for the development of new detection technologies and the analysis of new, still unknown malicious software. Together with his international team of experts, he develops new strategies to protect computer systems and mobile devices from all types of attacks and to clean infected systems in real time.
Spyware is software that secretly monitors and collects information about your online activity, data on your device, and a wide range of personal information. This information is then exfiltrated from your device and sent to external servers for use in a variety of financial, monitoring, and advertising schemes. In addition to its various tracking abilities, spyware is primarily defined as being installed and operated without your knowledge or permission. There are spyware variants for all of the major operating systems.
Basic spyware features
There is a wide assortment of potential spying capabilities under the spyware umbrella. Some of the most common spyware functionalities are monitoring keystrokes, voice, location, and messages. Spyware is also used to record account login information such as passwords, which can later be used to steal a person’s identity. Here is an incomplete list of the primary monitoring abilities:
- Browser cookie placement
- Contact lists
- Device document and file content
- Device monitor/display
- Email and chat monitoring
- Keystroke logging
- Printer activity
- Record voices
- Social media activity
- Track location
- Website passwords and account user names
Commercial spyware programs are usually created to collect a wide range of relevant information about user behavior, regardless of what kind of sensitive personal information might be collected. These programs or the data are usually sold to third parties, which can then build user profiles that service providers use to place specially tailored advertisements or simply to launch targeted attacks on users’ devices.
Most famous examples of spyware
Some of the most famous cases of spyware have come from governments and corporations, not hackers. The XCP digital rights management software from Sony BMG Entertainment used a variety of spyware-like tactics and a rootkit.
In the German-speaking regions of Europe, the term “Bundestrojaner” or “State Trojan” is used to describe spyware used by security forces. While this type of software is to be used only after a warrant from the court, the discovery of R2D2 and other variants has touched off efforts by antivirus developers such as the German Avira to include it on their list of malware detections.
More recently, the discovery of the zero-day vulnerability in WhatsApp and its use by the Pegasus spyware from the Israeli NSO Group led to the Facebook-owned messaging app rushing out a patch to its millions of users.
Signs of spyware infection
Common signs of a spyware infection are when the device behaves sluggishly, responds more slowly than usual during regular activities such as typing or web browsing, uses an abnormal amount of bandwidth, and connects to servers not related to your regular browsing activities. In addition, for adware-connected schemes, the device browser may display an unusual amount of targeted advertisements. However, for more advanced cases such as Pegasus spyware, there are often no visible signs that the targeted device has been infected.
How did I pick up that spyware?
Spyware is spread through both targeted and channeled attacks. For state-run intelligence operations, spyware is usually aimed at a specific target. Sometimes just picking up a call on your smartphone can be enough to get a spyware infection. That is the case with the Pegasus spyware from the Israeli NSO Group and its installation on smartphones. The R2D2 “Bundestrojaner” was allegedly placed on the device while going through an airport customs check.
However, these are extreme – and unusual – cases. For consumer-grade spyware, cybercriminals usually distribute it through defined channels where the spyware features are bundled along with other features into a seemingly innocent downloaded app. Both targeted and channeled attacks can exploit a zero-day software vulnerability and the specific installation tactics will vary according to device and operating system.
However, the major spyware vulnerability point is you – the person using and installing apps on the device. As part of the installation of a new app or program, a user gives their required permission to place the spyware functionality into the system. Even on Android devices, a user gets the information about the requested permissions, but in most cases, this information is not read carefully or just completely ignored.
Antivirus apps take a mixed approach to spyware detection. For known malware combinations, the security app may directly stop the app from downloading or installing on the device. When spyware features are included in a bundled application, especially without any directly malicious activities, it may trigger a warning to the user that they are downloading a “Potentially Unwanted App,” or, depending on the severity of the spy functionality, even classify these apps directly as malware.
How can I keep spyware off my device?
Tactics for keeping spyware at bay vary by device and operating system. However, having a quality antivirus/security system and a software updater installed are prerequisites.
For Windows-powered PCs, a good defense starts by not running the device in the Admin mode and having a separate user account for day-to-day operations. This slows down the installation process if any malicious spyware code is accidentally downloaded. Secondly, a software updater should be used to keep the various apps and programs on the device up to date.
While Windows will usually patch its own vulnerabilities, that’s not the case for many of the other programs and a good updater will search for and automatically install updates. The third security tactic is to be more careful in installing new programs from download sites. These can come bundled with additional apps called “Potentially Unwanted Apps” which may not be directly harmful but have spyware functionalities. Click carefully on those terms and conditions.
Android phones are best protected by checking app reviews and downloading apps only from the official app markets. This will reduce the odds of downloading an app with spyware characteristics. In addition, read the fine print about what permissions are requested or which information an app may collect about you during its operation.
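To make the permission check concrete, here is an added example (not part of the original article) that reads a decoded AndroidManifest.xml and reports which of the monitoring abilities listed earlier the app could exercise. The capability-to-permission mapping and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the article's monitoring abilities to Android permissions.
CAPABILITY_PERMISSIONS = {
    "Contact lists": {"android.permission.READ_CONTACTS"},
    "Track location": {"android.permission.ACCESS_FINE_LOCATION",
                       "android.permission.ACCESS_COARSE_LOCATION",
                       "android.permission.ACCESS_BACKGROUND_LOCATION"},
    "Record voices": {"android.permission.RECORD_AUDIO"},
    "Email and chat monitoring": {"android.permission.READ_SMS",
                                  "android.permission.RECEIVE_SMS"},
    "Device document and file content": {"android.permission.READ_EXTERNAL_STORAGE"},
    "Keystroke logging": {"android.permission.BIND_ACCESSIBILITY_SERVICE"},
}

# Constructed sample: a "flashlight" app asking for far more than a camera LED.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <application>
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Collect permissions from <uses-permission> and from <service> bindings."""
    root = ET.fromstring(manifest_xml.strip())
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    # Accessibility services declare their binding permission on <service>,
    # so a scan of <uses-permission> alone would miss them.
    perms |= {e.get(ANDROID_NS + "permission") for e in root.iter("service")}
    perms.discard(None)
    return perms

def audit(manifest_xml):
    """Map requested permissions to capabilities. A hit means the app *can*
    do this, not that it is spyware; compare against the app's stated purpose."""
    perms = requested_permissions(manifest_xml)
    return {cap: sorted(perms & wanted)
            for cap, wanted in CAPABILITY_PERMISSIONS.items() if perms & wanted}

if __name__ == "__main__":
    for capability, hits in audit(SAMPLE_MANIFEST).items():
        print(f"{capability}: {', '.join(hits)}")
```

The manifest inside an APK is stored in a binary XML format, so this assumes it has already been decoded to text.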
Alexander Vukcevic is the director of Protection Labs & QA at Avira.