Malwarebytes reports that spyware detections rose 1,677% between January 1 and June 30 in 2020. But what is spyware, and why is it a potential threat to your organization’s security?
If you think nobody is looking at what you are doing on your computer or your mobile device, then you’re probably wrong. Spyware is a type of malware (or malicious software) that’s explicitly designed to monitor your activities — online and offline. And it’s a very common type of malware to come across in this internet age.
But what is spyware in a more technical sense, and why is it a concern for businesses? We’ll define what spyware is and how it works before sharing specific spyware examples.
What Is Spyware? A Quick Spyware Definition
So, how would we define spyware? Spyware is a category of malware that secretly infiltrates your device to record your online activities and collect your sensitive information. Cybercriminals use spyware to steal information they can use to track you without your knowledge or commit cybercrimes. In some cases, they use spyware to collect and sell your data to advertisers, data firms, or other interested parties without you being any the wiser.
Spyware is the James Bond or Jason Bourne of the malware world. This malware allows bad guys to access your sensitive data and information — typically without your knowledge, hence the name. Cybercriminals collect and use this data for their own benefit, or they may choose to turn around and trade or sell it to other threat actors for profit.
Spyware is typically used to collect many types of data from victims, including:
- User account login credentials (usernames and passwords),
- Credit card details,
- Personally identifiable information (PII),
- Account PINs,
- Banking details,
- Clipboard data,
- Browsing habits and other online behaviors, and
- Email addresses.
Your sensitive business data is a valuable commodity for hackers and other types of cybercriminals. This data includes everything from intellectual property or trade secrets to customers’ and employees’ personal (sensitive) information. Needless to say, your IT systems are a rich source of information for cybercriminals.
Sometimes, spyware is used for relatively harmless activities like selling the victim’s preferences to advertisers. However, in some cases, data theft leads to grave crimes, including:
- Identity theft,
- Monetary theft and other types of financial fraud,
- Theft of credentials and login details,
- Stealing credit card info,
- Recording info and keystrokes,
- Planting other types of malware in the device of the victim.
Spyware Detections Are on the Rise
Malwarebytes, which categorizes spyware as one of two types of “stalkerware-type detections” in its 2021 report, observed that consumer spyware detections rose 24% to 2.43 million in 2020 (up from 1.96 million in 2019). Business spyware detections, meanwhile, increased 51%, from 291,525 in 2019 to 440,368 in 2020.
The report also noted a massive spike of 780% in “Monitor” app detections (which is the other type of stalkerware-type detections Malwarebytes identifies) between January 1 and June 30 in 2020.
Types of Spyware
Described by Norton as one of the most common threats on the internet, spyware can be very difficult to detect, identify, and remove. Some types of spyware are neutral, while many others are dangerous. Sometimes employers use keyloggers and other types of spyware to monitor their remote employees’ activities, take periodic photos of the employees, or take screenshots every few minutes.
The two overarching purposes of spyware are to:
- Monitor and track users’ online activities and behaviors,
- Steal users’ sensitive personal information (such as their usernames and passwords).
Several types of spyware fall within one of these two categorical purposes. Let’s look at the main categories of spyware to understand it more:
Adware can sometimes fall within the category of spyware because it monitors and records your browsing history to know what you’re interested in. The collected data is then used to display relevant advertisements to you. Advertisers will pay for this data because the chances of converting it into a sale are high if they can send you relevant advertisements. Adware is mainly used for marketing purposes, and it can slow down your computer.
Trojan spyware is used for more malicious purposes that include stealing your data, infecting your device with adware, and stealing your sensitive information. They are called trojans because they are disguised as harmless software updates or email attachments. Java or Flash player updates are commonly used as trojan horses for delivering spyware.
Cookies are files that install in your web browser to track specific types of information about users and their internet usage. They’re typically not considered a type of spyware. So, why do we include them here? Privacy.net argues that some types of tracking cookies, or more specifically “third-party persistent cookies,” are sometimes identified as a type of spyware. Website cookies keep track of your web searches, login information, online activities, and your history for marketing purposes.
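As an added illustration (not code from the original article), the Python sketch below audits Set-Cookie headers captured while loading one page and flags the “third-party persistent cookies” mentioned above. The host names and cookie values are constructed, and the first-party site is supplied by the caller as an assumption rather than derived from the Public Suffix List.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample: (host that sent the response, Set-Cookie header value)
SAMPLE = [
    ("www.shop.example", "session=abc123; Path=/; HttpOnly"),
    ("www.shop.example", "prefs=dark; Domain=shop.example; Max-Age=31536000"),
    ("ads.tracker.example", "uid=9f2c; Domain=.tracker.example; Max-Age=63072000; Secure"),
    ("cdn.widgets.example", "tmp=1; Path=/"),
    ("pixel.metrics.example", "vid=77; Expires=Wed, 21 Oct 2026 07:28:00 GMT"),
]

def parse_set_cookie(header):
    """Split one Set-Cookie value into (cookie name, lower-cased attribute dict)."""
    first, *rest = [part.strip() for part in header.split(";")]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.split("=", 1)[0], attrs

def is_persistent(attrs, now):
    """A cookie is persistent if it outlives the browser session."""
    if "max-age" in attrs:  # Max-Age takes precedence over Expires
        try:
            return int(attrs["max-age"]) > 0
        except ValueError:
            return False
    if "expires" in attrs:
        try:
            return parsedate_to_datetime(attrs["expires"]) > now
        except (TypeError, ValueError):  # unparseable or timezone-less date
            return False
    return False

def is_third_party(cookie_host, first_party_site):
    """True when the cookie's scope is neither the site nor one of its subdomains."""
    host, site = cookie_host.lstrip(".").lower(), first_party_site.lower()
    return not (host == site or host.endswith("." + site))

def audit(observed, first_party_site, now=None):
    """Return (name, scope) for every third-party persistent cookie observed."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for request_host, header in observed:
        name, attrs = parse_set_cookie(header)
        scope = attrs.get("domain") or request_host  # Domain attribute widens scope
        if is_third_party(scope, first_party_site) and is_persistent(attrs, now):
            findings.append((name, scope.lstrip(".").lower()))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, "shop.example", datetime(2025, 1, 1, tzinfo=timezone.utc)))
```

Session cookies and the site’s own long-lived preference cookie are not reported; only cookies that are both scoped to another site and stored beyond the session are.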
Keyloggers are malware programs that record each and every keystroke you make. Once installed, a keylogger creates a record of everything you type on your computer or mobile device. Criminals infect your computer with keyloggers to spy on your every activity.
Sometimes, keyloggers are used as legitimate surveillance tools by employers or for feedback for software development. However, in the hands of criminals, keyloggers are purely malicious. From stalking to stealing sensitive information, keyloggers can cause extensive damage to victims.
Browser hijackers are a type of malware that make changes to the browser settings of the victim’s device without their permission to inject unwanted content. They might even replace the home page or the search page with a fake page to hijack online searches. They can also direct the victim’s search to specific websites to earn higher advertising revenue. Sometimes, browser hijackers contain spyware to steal the victim’s banking and credit card information.
If you look closely, you will observe that the advertisements are targeted and fabricated for you personally. If you are looking for a good pair of boxing gloves, you’ll see boxing gloves everywhere, including your social media advertisements, shopping apps, and even your newsfeed ads. This is a typical example of adware. Your search and your tastes are sold to the advertiser to show tailor-made pop-ups for you.
- NSO Group Spyware: This first item on our list of spyware examples demonstrates when spyware has a more sinister face. The Guardian reported that WhatsApp accused the NSO Group, an Israeli spyware company, of hacking 1,400 of its users. The list of users includes journalists, human rights activists, diplomatic officials, and even a Catholic priest in Togo. They were being targeted because of their activism against the government of Togo.
- Android Spyware targets Pakistani users: In January 2021, Sophos discovered spyware targeting Android users in Pakistan. Trojanized versions of several legitimate apps, including the Pakistan Citizen Portal, were marketed as legitimate applications. The developers of the legitimate apps were not even aware that their malicious versions existed. These malicious apps collected data from victims’ devices. The information collected was transmitted to many command-and-control servers located in Eastern Europe.
- Android malware masquerades as a fraudulent system update: In March 2021, Android malware was found bundled in a phony system update. Users who installed this imposter system update downloaded the malware from outside the Google Play Store. Once installed, this malware will collect the data from the victims’ devices. This spyware could:
  - Steal users’ messages, contact details, and search histories,
  - Use the device’s camera to take photos,
  - Steal device specifications and search histories, and
  - Record calls and sounds using the infected devices’ microphones.
- Software supply-chain spyware attack: In February 2021, cyber security researchers discovered a new supply chain attack targeting online gamers via the Android emulator NoxPlayer. Cybercriminals used the platform’s update mechanism to deploy three malicious payloads onto unsuspecting users’ devices. Considering that NoxPlayer has more than 150 million users in 150 countries globally, this is a large pool of potential targets.
Moreover, other types of spyware use the camera of your phone, your laptop, or any other device to spy on you. The microphone of your mobile devices is also used to spy on you. Bloomberg reported that Facebook was watching Instagram users through their cameras. This allegation can cause a stir among millions of Instagram users if proved.
How to Prevent Spyware
With all of this in mind, what can you do to protect your business’s devices and data from spyware? Here are a few quick tips you can implement right away:
- Use good device and network security tools to protect your IT systems. Having a good firewall and strong antivirus or anti-malware tools can go a long way in helping to secure your business against many types of malware, including spyware.
- Download apps, games, and software from legitimate sources: It is a huge mistake to download apps, games, and software from shady sources. Just use official stores like Google Play Store and Apple App Store. Third-party stores and file-sharing sites are often home to different kinds of malware. Although you’ll typically pay a higher price for official software, it’s one way to keep your devices and network more secure.
- Check the code signing certificate of software before downloading: Software developers and manufacturers use code signing certificates to assure users that their software is legitimate and that its code hasn’t been changed since it was signed. You should always check this certificate before downloading software onto your desktop or laptop devices.
- Ensure your software, hardware, and other IT systems are patched and up-to-date. Running outdated or unpatched software or technologies is a huge no-no. Updates and patches are a way for companies to fix vulnerabilities and bugs — and not applying those updates leaves your device and network as a whole at risk.
- Help your employees become “cyber savvy” through awareness training. When it comes to your organization’s cyber security, your employees can be either your biggest asset or vulnerability. The answer often depends on their level of cyber awareness. Employees who can recognize threats and cyber risks can help keep your data and IT systems out of reach of cybercriminals.
Final Words on Spyware:
The game we used to play as children, “I spy with my little eye…” has reached a whole new level with the invention and spread of social media and spyware software. Free apps, free software, and other freebies enter your system stealthily and stay there to spy on you. The terms and conditions you accept without reading, the cookies you accept, and the permissions you give to the apps all build up a base from which spying on you is a cakewalk.
Data is valuable — cybercriminals and companies alike use spyware to gain access to that information. They want to know what people are interested in and doing online. User data forms a base from which a person can change or manipulate public opinion. A sophisticated system can be designed to control the fate of democracies by influencing how people vote.
Christopher Wylie, the Cambridge Analytica whistle-blower, shares his view on the value of data and how its uses vary depending on the context:
“Data is morally neutral. I can take a knife and hand it to a chef to make an amazing meal, or murder someone with it. The tool is morally neutral, it’s the application that matters.”