Recently, the tech world saw a small insurgence of stalkerware on smartphones; however, it’s not wholly clear what “stalkerware” is. What is stalkerware, and why is Android a primary target right now?
Let’s break down stalkerware, how to detect it, and how it’s spread.
What Is Stalkerware?
Stalkerware is a kind of malware that records data being entered into a device and sends it to a third party that’s supplied to the program on installation. Stalkerware acts without the victim knowing that it’s harvesting their information; as such, it’s a breach of privacy and regarded as an unwanted program.
Stalkerware can track different kinds of information. For example, one can monitor the victim’s SMS messages, while another beams the target’s location back home. As such, the design of each stalkerware changes depending on what it is designed to track.
Isn’t Stalkerware Just Spyware?
For people apt with malware, this all may sound very familiar. Stalkerware sounds a lot like spyware, a term which includes programs such as keyloggers and clipper malware. What makes stalkerware any different to spyware?
The main difference is that spyware sneaks onto systems under the guise of a legitimate program, and sends the data to an unknown malicious agent. Stalkerware, on the other hand, openly advertises its features to potential customers, and sends the data to an email address the user provides.
As you may have guessed, stalkerware is not meant to be installed on the user’s system; they’ll just be logging themselves! Instead, the user installs it on someone else’s device that they want to track. This is the main difference between spyware and stalkerware; spyware is downloaded by accident, while stalkerware is deliberately installed on devices the user wants to track.
As such, stalkerware’s primary market is people who don’t wholly trust someone else. For example, a suspicious spouse may install an SMS reader on their partner’s phone to ensure they’re not cheating. Similarly, a parent may install stalkerware on their child’s phone to monitor their web browsing.
With all these different terminologies flying around, it can be confusing to keep track of all the cybersecurity terms. If you struggle with the basics, be sure to study up on viruses, spyware, malware, and other online threats.
How Stalkerware Arrived on Android
So why are we bringing Android into the mix? The answer lies in a recent report from Z6Mag that Google has taken down seven stalkerware apps. Each one had a marketing angle aimed at a specific niche.
The names of the apps, as reported by Z6Mag, are as follows:
- Track Employees Check Work Phone Online Spy Free
- Spy Kids Tracker
- Phone Cell Tracker
- Mobile Tracking
- Spy Tracker
- SMS Tracker
- Employee Work Spy
Unfortunately, Google Play has proven itself several times in the past to harbor malicious apps. For instance, the Google Play store harbored clipper malware on the Android store at one point.
What the Stalkerware Did
While these apps are now long gone, remnants of advertising from when they were active still linger. These give some insight into how these apps work and why Google took them down. Let’s take a look at two examples to see what these apps did.
The SMS Tracker App
Some of the apps listed above do as they say in the name. SMS Tracker, for instance, did track SMS messages. However, if you read SMS Tracker’s marketing copy, you’ll find even more scary spying tools that came bundled with the stalkerware.
The advertisements marketed the app as a means of parents to keep track of their children. It achieved this goal by logging and sending concerned parents details of everything the child did. These logs included SMS messages, contact lists, phone logs, web browsing history, and even their location via GPS.
The Employee Work Spy App
Employee Work Spy worked in a similar way to SMS Tracker but took a more business-focused approach with its advertising. It would record all SMS, voice, and location activity of business smartphones so that bosses could keep tabs on their workers.
The developers of the app claimed that this would prevent employees slacking off, leaking information, or—ironically enough—performing espionage. Employee Work Spy at least stated in the description that workers should receive a warning of the app’s installation before distributing the phones.
Stalkerware’s True Intentions
As you can see, stalkerware usually has good intentions; it’s never there to harm or steal from people. The main focus of the above apps was to check on people and even protect them from harm.
Unfortunately, while the heart of the app is in the right place, their methods aren’t ethical in the slightest. These spying tools cause a massive breach of privacy and are the main reason why stalkerware has the malware label.
How Stalkerware Covers Its Tracks
Of course, these apps had to be discreet with what they do. If a user finds an app called “SMS Tracker” on their phone, they’re likely to uninstall it.
As such, when the user runs the app, it downloads additional spying tools and installs them in a way that’s independent of the main app. Then, the user uninstalls the app to cover their tracks while the spying tools continue to work in the background. This feature makes it very hard to tell if your device has a stalkerware infection.
Not Just an Android Problem
Unfortunately, stalkerware is not just an Android issue. Any device that can have custom software run on it can theoretically suffer a stalkerware infected. Employee’s PCs can have it installed to check on how they use their work time, for instance.
FlexiSpy is a good example of this. It was sold to jealous lovers who wanted to monitor their partner’s PC or mobile phone, and the developers made an entire business out of digital stalking.
How to Stop Stalkerware
The problem with stalkerware is that it won’t show up on your app list if you hunt for it. That’s because the person who originally downloaded the malware deleted the main app to cover their tracks. The “remnants” of it are what is silently working in the background, tracking all of your data.
Unfortunately, if you use an antivirus program that can’t identify stalkerware, it will report a clean scan on an infected device. That’s why it’s a good idea to do some research and find an antivirus that can tackle stalkerware. Kaspersky, for example, has updated its antivirus to find and remove this menace.
If you want to ensure your device is clean of stalkerware, a factory reset is the best option. A full reset will clear out the remnants of the original app and allow you to get your privacy back. It’s more of a hassle than running an antivirus, but there’s no chance of any remnants lurking undetected in the background.
If a factory reset would be too troublesome, be sure to read about how to remove an Android virus without resorting to a factory reset.
Once you’re sure your phone is clean, you should lock down your phone to prevent the culprit from re-installing it. Put a strong password on your phone and keep it on your person at all times so it doesn’t get reinfected.
Protecting Your Phone From Stalkerware
Stalkerware is a serious problem which can cause a huge privacy breach for its victims. While there is no certain way to tell that it’s installed on your system, it’s easy to remove any traces and prevent reinfection.
If you need a decent antivirus, be sure to try out the best antivirus apps for Android.