Stalkerware
Spyware and stalkerware are similar, yet not the same. Both are types of malware used to track a person’s activity on a device. But stalkerware is a more personal way of invading another person’s privacy. Stalkerware has to be physically installed, meaning that the attacker has to have direct access to the devices they are trying to compromise. Stalkerware is most likely used by a parent or partner.
Stalkerware is less likely to masquerade as something else entirely. Not always. In some cases it claims to be a child protection app, featuring disguise, in which case it is clear it is used to spy on a partner without him/her knowing. Even without, when intended to track children’s activities, its intent is always considered malicious, as it invades privacy.
With stalkerware installed on another person’s device, the adversary can activate the camera or microphone, view login details to different accounts, and sometimes even intercept phone calls.
Growing list of found stalkerware
| Tool | Claims | Platform |
|---|---|---|
| mSpy | Chats, photos, videos, and location. | Android and iOS |
| XNSPY | Photos, videos, and social media chats | Android |
| eyeZy | Feature-heavy phone spying app | Android and iOS |
| ClevGuard | Activities | Android, iOS, and Windows |
| SpyBubble | Real-time complete phone tracking | iOS and Android |
| Cocospy | Control and Remote Surveillance | Android and iOS |
| uMobix | Remote streaming of audio and video | Android and iOS |
| Hoverwatch | Full-Featured Invisible Android Tracker | Android and iOS |
| FlexiSPY | Emails, IM and browser activity | Android |
| pcTattetale | Activities | Android & Windows |
| TheOneSpy | Activities including live streaming | Android |
| Spyine | Monitoring smartphone in stealth mode | Android and iOS |
| TheWiSpy | Tracking location and monitoring files | Android |
Detection
Stalkerware is designed to be stealthy so that the victim never realises their smartphone has been infected. Many of the usual tell-tale signs of spyware (unwanted pop-ups, slow performance, over-heating) are not present with stalkerware.
Mitigation
Use a security app to scan the device. If you find stalkerware, report it to law enforcement (may not always and everywhere be an option).
Prevention
Equip devices with a password, fingerprint login, or similar. This adds an extra layer of protection, as stalkerware cannot be remotely installed.
Use routine malware scans (security app).