{"id":44093,"date":"2022-04-12T09:04:15","date_gmt":"2022-04-12T13:04:15","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=44093"},"modified":"2022-04-14T10:31:49","modified_gmt":"2022-04-14T14:31:49","slug":"stalkerware-in-2021","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/stalkerware-in-2021\/44093\/","title":{"rendered":"Stalkerware \u2014 the threat is still there"},"content":{"rendered":"<p>Have you ever seen a movie or TV-show where the stalker finds out everything about their victim by means of a spying app on their phone? Such plot twists often seem over-the-top: how can an ordinary person with no special technical skills really pull something like that off? However, unfortunately this is indeed possible with <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/stalkerware-spouseware\/\" target=\"_blank\" rel=\"noopener\">stalkerware<\/a> \u2014 tracking apps that allow to covertly collect information about a phone\u2019s owner. These apps can:<\/p>\n<ul>\n<li>Read text messages, as well as messages on social media and in messaging apps like WhatsApp, Telegram, Signal, and so on;<\/li>\n<li>View contact lists and call histories;<\/li>\n<li>Track victims\u2019 locations;<\/li>\n<li>Collect data from calendars \u2014 planned meetings, events, and so on;<\/li>\n<li>View photos stored on phones;<\/li>\n<li>Take screenshots and front-camera photos.<\/li>\n<\/ul>\n<p><strong>Stalkerware<\/strong> is a dangerous tool used for digital abuse, which domestic abusers often use to control their victims. Public organizations focused on the issue of domestic abuse \u2014 such as the <a href=\"https:\/\/nnedv.org\/\" target=\"_blank\" rel=\"nofollow noopener\">National Network to End Domestic Violence<\/a> and the <a href=\"https:\/\/www.work-with-perpetrators.eu\/\" target=\"_blank\" rel=\"nofollow noopener\">European Network for the Work with Perpetrators of Domestic Violence<\/a> \u2014 note that physical <a href=\"https:\/\/en.wikipedia.org\/wiki\/Abusive_power_and_control\" target=\"_blank\" rel=\"nofollow noopener\">violence<\/a> and digital abuse often go hand in hand.<\/p>\n<p>Over the last four years the Kaspersky team has regularly issued reports on the current situation regarding stalkerware, in particular using data provided by the <a href=\"https:\/\/www.kaspersky.com\/ksn\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Security Network<\/a> (KSN) \u2014 a global network for exchanging information on cyberthreats. This year\u2019s final <a href=\"https:\/\/securelist.com\/the-state-of-stalkerware-in-2021\/106193\/\" target=\"_blank\" rel=\"nofollow noopener\">report<\/a> also includes results of a <a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2021\/11\/17164103\/Kaspersky_Digital-stalking-in-relationships_Report_FINAL.pdf\" target=\"_blank\" rel=\"noopener\">survey<\/a> on digital abuse commissioned by Kaspersky and several public organizations. More than 21,000 respondents from 21 countries participated in the survey.<\/p>\n<h2>Prevalence of stalkerware in 2021<\/h2>\n<p>The data obtained from Kaspersky Security Network shows that in 2021, about 33,000 unique users of the system were affected by stalkerware. This is an historic low. To compare, in 2020 nearly 54,000 people were affected by such apps, and in 2019 \u2014 more than 67,000.<\/p>\n<div id=\"attachment_44097\" style=\"width: 2810px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2022\/04\/12085956\/stalkerware-in-2021-chart.png\"><img decoding=\"async\" aria-describedby=\"caption-attachment-44097\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2022\/04\/12085956\/stalkerware-in-2021-chart.png\" alt=\"The number of unique users affected by stalkerware in 2018-2021\" width=\"2800\" height=\"1400\" class=\"size-full wp-image-44097\"><\/a><p id=\"caption-attachment-44097\" class=\"wp-caption-text\">The number of unique users affected by stalkerware in 2018-2021. <a href=\"https:\/\/securelist.com\/the-state-of-stalkerware-in-2021\/106193\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/p><\/div>\n<p>Does this mean the threat is gradually receding? Unfortunately not. This decrease correlates with the aftermath of the pandemic. Because of lockdowns abusers \u2014 stalkerware\u2019s main user-base \u2014 did not need any additional tools for spying on and controlling their victims over the last two years. After all, they were literally locked down at home together.<\/p>\n<p>Aside from that, it is important to understand that the methods of stalking continue to evolve. Among the participants of our survey who reported that their intimate partners were spying on them using technology (of course, this does not take into account those who were not aware of such spying), the <a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2021\/11\/17164103\/Kaspersky_Digital-stalking-in-relationships_Report_FINAL.pdf\" target=\"_blank\" rel=\"noopener\">distribution<\/a> of stalking tools was as follows:<\/p>\n<ul>\n<li>Mobile apps \u2014 50%<\/li>\n<li>Tracking devices (for example, <a href=\"https:\/\/www.kaspersky.com\/blog\/how-to-protect-from-stalking-with-airtag\/43705\/\" target=\"_blank\" rel=\"noopener nofollow\">AirTags<\/a> \u2014 keychains for easy-to-lose items) \u2014 29%<\/li>\n<li>Laptop apps \u2014 27%<\/li>\n<li>Webcams \u2014 22%<\/li>\n<li>Smart home systems \u2014 18%<\/li>\n<li>Fitness trackers \u2014 14%<\/li>\n<\/ul>\n<p>Out of this list, only mobile apps are part of the statistics we collected using KSN. In other words, we are seeing just part of the whole picture.<\/p>\n<p>It is also important to understand that these statistics include only data from users who consent to provide it to KSN. <a href=\"http:\/\/www.stopstalkerware.org\" target=\"_blank\" rel=\"nofollow noopener\">The Coalition Against Stalkerware<\/a> \u2014 an organization which brings together representatives of the IT industry and non-profit companies \u2014 believes that the overall number of users affected by this threat might be <a href=\"https:\/\/securelist.com\/the-state-of-stalkerware-in-2021\/106193\/\" target=\"_blank\" rel=\"nofollow noopener\">30 times higher<\/a>. In other words, according to this assessment, about a million people worldwide fall victim to stalkerware every year.<\/p>\n<p>As for the geographical spread, most stalkerware victims among the users of KSN were from Russia, Brazil, and the U.S.A. \u2014 <a href=\"https:\/\/www.kaspersky.com\/blog\/stalkerware-in-2020\/39102\/\" target=\"_blank\" rel=\"noopener nofollow\">similar to in both 2019 and 2020<\/a>.<\/p>\n<h2>Legality of stalkerware<\/h2>\n<p>The legal framework governing digital abuse \u2014 stalkerware in particular \u2014 varies in different countries. In most cases, recording users\u2019 actions without their consent is illegal. Stalking software perfectly fits this description. But it is important to understand that the legal liability for such stalkerware can lie with the person using it rather than its developer.<\/p>\n<p>Thus, stalkerware exists in a kind of gray area. The combination of functions that make up stalkerware is definitely illegal at least in some jurisdictions, but many countries do not directly forbid its development and distribution. However, it is becoming more regulated. For example, in April 2021, the U.S. Federal Trade Commission for the first time <a href=\"https:\/\/www.ftc.gov\/news-events\/news\/press-releases\/2021\/12\/ftc-finalizes-order-banning-stalkerware-provider-spyware-business\" target=\"_blank\" rel=\"nofollow noopener\">banned an app developer from selling stalkerware<\/a>.<\/p>\n<p>Nevertheless, surveillance apps are actively distributed online. In rare cases, you can even download stalkerware from official marketplaces. It usually presents itself as an anti-theft or parental-control app. These types of applications have similar functions to stalkerware, but there\u2019s a distinct difference: stalkerware operates hidden from users and without their consent.<\/p>\n<h2>How to protect yourself against stalkerware<\/h2>\n<p>There are a few things you can do to lower the risk of getting stalkerware onto your device:<\/p>\n<ul>\n<li>Set a complex alphanumeric password of at least eight characters on your phone. Do not give it to anyone! Change your password regularly \u2014 for example, every few months.<\/li>\n<li>Be careful about who has physical access to your phone. Leave it unattended as little as possible.<\/li>\n<li>Download apps only from official stores. Always pay attention to the comments, ratings, and functions of the application.<\/li>\n<li>Install trustworthy security software on your device. Make sure that the security solution you choose can detect stalkerware. For example, <a href=\"https:\/\/www.kaspersky.com\/mobile-security?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2c_kdaily_wpplaceholder_sm-team___kisa____da04049114cf37d2\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky mobile antivirus<\/a> can definitely do that.<\/li>\n<\/ul>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kisa-generic\">\n<h2>What to do if stalkerware is already on your device<\/h2>\n<p>If your device battery and mobile data are running out too fast, it could be a sign that you have stalkerware on your device. Stalker applications actively use up your device\u2019s resources because they need to constantly maintain a connection with the servers controlling them. Owners of Android gadgets should also pay attention to applications having <a href=\"https:\/\/www.kaspersky.com\/blog\/android-8-permissions-guide\/23981\/\" target=\"_blank\" rel=\"noopener nofollow\">dangerous permissions<\/a>. If there are unknown names on the list, that\u2019s a serious cause for concern: you don\u2019t know who installed these unfamiliar applications, when, or why.<\/p>\n<p>Here it\u2019s worth clarifying that the risk for Android smartphones is typically higher than for iPhones, since the latter operate on a system that is much more closed in nature. However, Apple fans cannot completely relax. An iPhone can be jailbroken to bypass security restrictions, though physical access to the device is needed for that.<\/p>\n<p>You should also keep in mind that there could be stalkerware already installed on your phone should you receive it as a gift. And it doesn\u2019t necessarily have to be physically installed by the person who gifts it to you: there are companies that provide a service of installing stalkerware on new phones and delivering them in their original packaging.<\/p>\n<p>We cannot recommend that you remove a tracking app if you discover one on your phone. The stalker will sooner or later find out, which can often lead to further problems. To help protect victims from stalkerware, <a href=\"https:\/\/www.kaspersky.com\/about\/team\/great\" target=\"_blank\" rel=\"noopener nofollow\">our team<\/a> has developed <a href=\"https:\/\/github.com\/KasperskyLab\/TinyCheck\" target=\"_blank\" rel=\"nofollow noopener\">TinyCheck<\/a> \u2014 a tool which allows you to discreetly check your device for spyware. You don\u2019t install TinyCheck on your phone, but rather on a separate external device: a <a href=\"https:\/\/en.wikipedia.org\/wiki\/Raspberry_Pi\" target=\"_blank\" rel=\"nofollow noopener\">Raspberry Pi microcomputer<\/a>. This device functions as an intermediary between your Wi-Fi router and your phone. After installation, TinyCheck analyses your device\u2019s internet traffic in real time. Based on that, you can understand if there is stalkerware on your phone: if it is sending a lot of data to known spyware servers, TinyCheck will tell you.<\/p>\n<p>You need some <a href=\"https:\/\/www.kaspersky.com\/blog\/tinycheck-detects-spyware-stalkerware\/38030\/\" target=\"_blank\" rel=\"noopener nofollow\">technical knowledge<\/a> to use TinyCheck, and using it at home can be risky and unproductive. The good news is that nonprofit organizations use this tool to help victims of domestic violence. And not only nonprofits \u2014 for example, law enforcement agencies in the UK also use TinyCheck to help victims of abuse.<\/p>\n<p>That\u2019s what honorary member of the Stop Gender Violence Association Bruno P\u00e9rez Junc\u00e1 thinks about TinyCheck: \u201cI have been with gender violence associations for many years and TinyCheck is what the victims and the general population need. TinyCheck is similar to an antigens test, a quick, economic and reliable test to perform an initial inspection to identify a mobile infection.\u201d<\/p>\n<p>If you\u2019ve read this text and you now suspect that there is stalkerware on your device, to protect yourself we recommend the following:<\/p>\n<ul>\n<li>Contacting a local support group. You can find a list of them on the <a href=\"https:\/\/stopstalkerware.org\/resources\/\" target=\"_blank\" rel=\"nofollow noopener\">Coalition Against Stalkerware website<\/a>;<\/li>\n<li>Not attempting to remove any stalkerware yourself. The person who installed it might switch from digital abuse to physical violence.<\/li>\n<\/ul>\n<p>In closing, we would like to state that the Kaspersky team is open to collaboration with organizations that work to protect victims of domestic violence.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is stalkerware, how widespread is the problem, and what is the relationship between domestic and digital abuse.<\/p>\n","protected":false},"author":2684,"featured_media":44096,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1788],"tags":[4316,43,3181,812],"class_list":{"0":"post-44093","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-privacy","8":"tag-digital-abuse","9":"tag-privacy","10":"tag-stalkerware","11":"tag-tracking"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/stalkerware-in-2021\/44093\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/stalkerware-in-2021\/24038\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/stalkerware-in-2021\/19525\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/stalkerware-in-2021\/9871\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/stalkerware-in-2021\/26363\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/stalkerware-in-2021\/24307\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/stalkerware-in-2021\/24659\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/stalkerware-in-2021\/27074\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/stalkerware-in-2021\/26623\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/stalkerware-in-2021\/33062\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/stalkerware-in-2021\/18759\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/stalkerware-in-2021\/28464\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/stalkerware-in-2021\/24945\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/stalkerware-in-2021\/30387\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/stalkerware-in-2021\/30155\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/stalkerware\/","name":"stalkerware"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/44093","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2684"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=44093"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/44093\/revisions"}],"predecessor-version":[{"id":44095,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/44093\/revisions\/44095"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/44096"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=44093"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=44093"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=44093"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}