Today, there are numerous forms of malware that can be used against you, including spyware. This kind of malicious program can monitor and track victims, and also has a commercial presence. So, what is commercial spyware, and how is it being used?

What Is Commercial Spyware?

As the name suggests, commercial spyware refers to spyware programs that can be bought for use. Spyware can be very useful in benign scenarios. For instance, a parent may want to monitor their child's activity online (though the ethics around doing this are heavily debated). Alternatively, a cybersecurity company may use spyware to keep track of dangerous parties that pose a threat to other internet users.

But, like many technologies, spyware has also been leveraged by malicious groups, as it provides the ability to monitor someone's digital activity from afar.

Keystrokes, browsing habits, and other kinds of data can be harvested via spyware, meaning that someone can look into your life without your knowledge. For example, a victim may type their payment details or login credentials into a website, and the attacker can see them directly. Even if the password is hidden on screen, the ability to log keystrokes via keylogger tools allows the attacker to see it in any case.

Alternatively, an attacker could view your emails and other communications, essentially eavesdropping on private conversations that may contain sensitive information. Even your geographical location can be determined via the use of spyware.

Commercial spyware often comes in the form of applications or scripts that allow the user to spy on the targeted individual. You can even find spyware on legitimate app platforms, such as Google Play and the Apple App Store.

Commercial spyware is also often referred to as stalkerware. However, some see a difference between the two, as the former is used in a less personal way by casting a wider net, while the latter is more for use against people the operator knows.

Examples of Commercial Spyware

When it comes to strains of spyware, Pegasus is a particularly well-known example. Pegasus was created by Israel's NSO in 2011 to allegedly collect private and sensitive data, mainly from cell phones. The NSO has always said that Pegasus is only used to fight crime and terrorism, but this claim has been subject to a lot of skepticism over the years.

Pegasus is capable of stealing a wide range of data, including browsing history, passwords, videos, call logs, and more.

In 2022, the NSO even began considering the sale of its Pegasus spyware to national governments to help ease financial troubles. Pegasus has always been sold to various legitimate parties, such as branches of the law, but a new wave of concern has arisen over the NSO's possible sale of this spyware to certain governments that are known for their sub-par human rights laws. Namely, allegations have been made that Pegasus is being used in some nations to target political activists.

A wide range of countries has been alleged to use Pegasus, including Armenia, El Salvador, Estonia, and Hungary. But Pegasus isn't the only popular type of commercial spyware out there. FinSpy (or FinFisher), a surveillance software developed in Germany by FinFisher GmbH, has been identified in use in a number of countries, including Turkey, Bahrain, and Ethiopia.

FinSpy can steal an array of data on an infected device, and can even perform functions on it. For example, FinSpy could activate a device's microphone or camera to make recordings without the owner's knowledge.

The Use of Commercial Spyware

What's particularly concerning about commercial spyware is that it can be, and has been, used by national governments. While spyware can certainly be used for good, such as to fight crime, it can also be used in more illicit ways to target politicians, journalists, and human rights activists.

As previously touched upon here, spyware could be leveraged against controversial figures, such as human rights activists or politicians, to get a better idea of their digital activity, and therefore see into other elements of their lives.

Let's take another look at Pegasus to further understand this. In 2022, the Spanish northeastern region of Catalonia came into contact with spyware. At this time, it was found that at least 65 Catalan politicians and activists had been targeted by this spyware (as reported by Politico). Even the president of the Catalan government, Pere Aragonès, was targeted. Aragonès stated that the scheme was an "operation of mass espionage against Catalan independence".

FinSpy, another previously mentioned strain of commercial spyware, also seems to have illicit undertones. As reported by Amnesty, Egyptian protestors allegedly found sale contracts for FinSpy to the Egyptian authorities.

Can You Protect Against Spyware?

It's incredibly hard to completely shield your devices from malware, including spyware. You'll never be able to 100 percent guarantee protection, but you can take multiple steps to remain as safe as possible.

The first and maybe the most obvious step is to install a reputable antivirus program on your devices. Make sure the program you choose is well-reviewed and offers the correct features for you (such as firewalls, VPNs, daily scans, etc.).

It's also a good idea to routinely check your phone or other devices for suspicious apps. The presence of an app that you've never installed on your phone may suggest that someone has equipped your device with spyware in order to monitor your activity or steal your data.

On top of this, keeping your operating system up to date is beneficial, as software updates can weed out bugs and other code flaws that a cybercriminal could exploit.

Avoiding suspicious downloads is also a must. Downloading a file or app from the internet can be very risky, as there's no knowing what you're really opening the door to. Many kinds of downloadable files online are actually equipped with malware, including spyware. Try to stick to thoroughly reviewed apps and legitimate app vendors, and steer clear of any files that haven't been provided by a trusted party.
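
The app check and the advice to stick to legitimate app vendors can be combined into one routine review on Android. The following is an added example, not part of the original article: it parses the output of `adb shell pm list packages -i -3` (third-party apps with their installer) and flags apps you don't remember installing or that did not come from a trusted store. The sample output, package names, baseline, and trusted-installer list are constructed for illustration, and the `package:<name>  installer=<name>` line format is an assumption about that command's output.

```python
import re

# Installers treated as trusted app stores (assumption for this example).
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play

# Constructed sample of `adb shell pm list packages -i -3` output.
# Package names are invented for illustration.
SAMPLE_OUTPUT = """\
package:org.example.notes  installer=com.android.vending
package:com.example.banking  installer=com.android.vending
package:com.example.systemservice  installer=null
package:net.example.flashlight  installer=com.android.vending
"""

# Apps the owner remembers installing (constructed baseline).
BASELINE = {"org.example.notes", "com.example.banking"}

LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")


def parse_packages(text):
    """Return {package: installer or None} from the package listing."""
    apps = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and anything not in the expected format
        pkg, installer = m.groups()
        apps[pkg] = None if installer == "null" else installer
    return apps


def review(apps, baseline, trusted=TRUSTED_INSTALLERS):
    """Return [(package, [reasons])] for apps that deserve a closer look."""
    findings = []
    for pkg in sorted(apps):
        reasons = []
        if pkg not in baseline:
            reasons.append("not in baseline")
        if apps[pkg] not in trusted:
            reasons.append("installed outside a trusted store")
        if reasons:
            findings.append((pkg, reasons))
    return findings


if __name__ == "__main__":
    for pkg, reasons in review(parse_packages(SAMPLE_OUTPUT), BASELINE):
        print(f"{pkg}: {', '.join(reasons)}")
```

A finding here is a prompt to look closer, not proof of spyware, and an empty result does not show the device is clean.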

Commercial Spyware May Pose a Risk to Millions

Commercial spyware has already been used by governments and law enforcement in various countries, with some targeting certain individuals with this dangerous malware. There's no knowing how commercial spyware will continue to be used in the future, but its capabilities may put many individuals at risk of being monitored without their knowledge.