The scale of the scourge<\/h2>\n
Stalkerware apps\u2019 features vary, but most enable total surveillance of the victim\u2019s smartphone. Moreover, to install the app on the target device, the attacker simply needs to gain physical access to it once. Many people trust their partners enough to give them that access.<\/p>\n
Among other things, stalkerware users can, without alerting their target in any way:<\/p>\n
- \n
- Track a victim\u2019s location;<\/li>\n
- Read messages in messaging apps and social networks;<\/li>\n
- View photos, videos, and other files on the device;<\/li>\n
- Eavesdrop on telephone conversations;<\/li>\n
- See everything typed on the keypad, including passwords and two-factor authentication codes.<\/li>\n<\/ul>\n
Stalkerware typically hides itself from the list of installed programs and does not display any activity notifications.<\/p>\n
Knowing their victim\u2019s every move, an attacker can control, threaten, and psychologically pressure them. According to a 2017 report by the European Institute for Gender Equality<\/a> (EIGE), seven of ten women affected by online stalking have experienced physical violence, sexual violence, or both at the hands of the perpetrator.<\/p>\n
The scale of the problem continues to grow. For example, an Australian study on technology abuse and domestic violence<\/a> showed that, since 2015, attackers have become far more likely to track the locations of current and former partners, and almost twice as likely to monitor them with cameras. The Centre Hubertine Auclert in France reports that one in five victims of relationship violence has encountered spyware. Germany also notes a rise in the use of stalkerware in recent years.<\/p>\n
54,000 stalkerware victims in 2020<\/h2>\n
What has changed since 2019, when we teamed up with like-minded companies and nonprofits in the fight against stalkerware<\/a>? Data from Kaspersky Security Network indicates almost 54,000 users worldwide<\/a> were affected by stalkerware apps in 2020. Is that high or low? The figure in 2018 was almost 40,000, but in 2019 it topped 67,000.<\/p>\n
![\"Unique](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2021\/03\/19110625\/stalkerware-in-2020-unique-users.png\")
<\/a>Unique users worldwide affected by stalkerware, 2018\u20132020. Source<\/a><\/p><\/div>\n
This much is clear: The fight against online stalking is far from won. First, when it comes to threats of violence, 54,000 is a big number, however you slice it. Second, the pandemic and its consequences are factors, holding people house-bound in 2020 \u2014 and household members (spouses, roommates) are by far the most likely to use stalkerware apps. Isolation is likely to skew the numbers; with a victim stuck at home, a stalker may not monitor their smartphone\u2019s whereabouts.<\/p>\n
With that in mind, it is unsurprising that the yearly curve of users affected by stalkerware globally shows a decline in reports from March to June 2020. That period coincides with the beginning of worldwide lockdowns. Later, when many countries around the world began to ease restrictions, the numbers began to rebound and stabilize.<\/p>\n
As for geography, our solutions most often detected stalkerware in Russia, Brazil, and the US, all of which landed in the Top 5 in 2019 as well. Among Asian countries, the problem was most acute in India, and the hardest hit in Europe were Germany, Italy, and the UK.<\/p>\n
2020\u2019s most common stalkerware families<\/h2>\n
As for stalkerware apps, the most common specimen in 2020 was the one our solutions call Monitor.AndroidOS.Nidb.a. Its developers allow the app to be resold under other names, so it is prominent in the market. The iSpyoo, TheTruthSpy, and Copy9 apps, for example, are all Nidb. Interestingly, until just a year ago, this stalkerware family was only the third most prevalent.<\/p>\n
Another very popular piece of spyware is Cerberus, which is sold as antitheft smartphone protection and hides itself to avoid notice. What\u2019s more, like genuine phone-finding apps, Cerberus has access to geolocation, can take photos and screenshots, and records sound.<\/p>\n
Other high-ranking stalking apps include Track My Phone (which our solutions detect as Agent.af), MobileTracker (which enables remote control of the victim\u2019s device), and the stalkerware program Anlost. The latter, like Cerberus, appears to be an antitheft tool, but it\u2019s available on Google Play, which declared war on stalkerware last year, because it meets the store\u2019s requirements.<\/p>\n
How to detect stalkerware<\/h2>\n
One of the main problems with stalkerware is that it can\u2019t just be found and removed. Removing stalkerware could alert an abuser that the victim is aware of being spied on. Some of the samples actually send a notification to the stalker, in which case deleting the app could escalate conflict and further endanger the victim.<\/p>\n
But stalkerware can, and must, be detected \u2014 for starters, knowing you are being watched can lead you to take precautions<\/a> or seek help. There are several ways<\/a> to sniff out a spy.<\/p>\n
- \n
- Keep an eye on battery and mobile data usage. Stalkerware runs in the background, sending constant streams of data to its server and eating up resources;<\/li>\n
- Check which apps have been given dangerous permissions<\/a> such as geolocation access or Accessibility (a set of Android features that lets an app control phone settings, read on-screen text, and more). If an unfamiliar app is using such permissions, it is likely to be stalkerware;<\/li>\n
- Use a security solution<\/a> that identifies and warns you about stalkerware. However, bear in mind that some types of stalkerware notify their operators if their target installs antivirus protection;<\/li>\n
- Use TinyCheck<\/a>, a solution designed to find stalkerware without its operator knowing.<\/li>\n<\/ul>\n
You can learn more about the tools and techniques mentioned above and how effective they are on our blog<\/a>.<\/p>\n
How to reduce the risk of stalkerware infection<\/h2>\n
You can reduce the risk of someone sneaking stalkerware onto your devices, too:<\/p>\n
- Use a security solution<\/a> that identifies and warns you about stalkerware. However, bear in mind that some types of stalkerware notify their operators if their target installs antivirus protection;<\/li>\n