This is a reprint of an article from Scambuster.org. We all need to be diligent in protecting our privacy.
Cyberstalkers
have a new weapon in their efforts to virtually follow their victims —
stalkerware.
Yes, that’s right — software whose sole purpose is to enable these crooks to spy
on their victims. And with people using their mobile devices more than ever,
thanks to the Covid-19 lockdown, we’re likely to see an increase in this
behavior.
Street stalkers are less likely to be on patrol these days because they either
can’t easily see their victim or because their cloak-and-dagger activities will
be much more visible.
We define online stalking as the use of the Internet for monitoring and, often,
harassing an individual. It involves all kinds of sinister motives including
scamming victims, stealing their identity, blackmailing, bullying, and
intimidation.
But in this case, we’re talking about programs that are planted on your
smartphone that are capable of seeing and hearing everything you do, and where
you do it, and then reporting back to whoever put it there.
Just a few weeks ago, the US Federal Trade Commission (FTC) reached a deal with
one maker of stalking software to stop them from selling tracking apps that
could be installed on a victim’s mobile devices and then send back information
about them without their knowledge or permission.
But the firm is by no means the only one offering stalkerware.
Internet security firm Malwarebytes calls the software “both murky and
dangerous.”
“Stalkerware can see all the things you see on your device, hear all the
things you hear, pinpoint your physical location, and even remotely control
your camera and microphone,” explains Malwarebytes’ Wendy Zamora.
“Calls can be intercepted, eavesdropped on, and recorded — all without
the knowledge of the device owner.”
Stalkerware is openly available, often posing as software for parental
monitoring of teens, but also promoting its ability to keep an eye on
activities of spouses and other partners.
In fact, provided the stalker can install it on others’ phones — even friends
and colleagues for example — it can spy on anyone.
There’s evidence, for example, that some companies have been using the software
on business phones to keep tabs on employees.
Getting Around Built-in Security
The
programs have been able to get around built-in security on some smartphones
during installation — one of the reasons the FTC stepped in — and can
sometimes skirt the law by appearing to have a legitimate purpose.
Even Internet security software may not block its activities. Malwarebytes, for
instance, catalogs stalkerware as a “potentially unwanted program” or
PUP and quarantines it, allowing the user to decide if it should be kept.
One imagines most users would immediately want it removed, but some users simply
ignore notifications from their security software.
States and federal authorities have to rely on laws that weren’t originally
written to defend against cyberstalking, which has sometimes left them in a
difficult position to tackle the stalkerware producers.
Using it to track spouses has been described as “domestic abuse” by
the National Domestic Violence Hotline.
Global media site Vice.com claims tens of thousands of people are unwitting
targets of cheap spyware anyone can buy.
According to the site, the company halted by the FTC was hacked a couple of
years ago, with the stolen data showing how ordinary folk had bought the
software to track the activities of others.
The firm had 130,000 account holders. They each paid between $50 and $200 a
month for this covert surveillance.
“The breaches highlight how consumer surveillance technology, which shares
some of the same capabilities and sometimes even the same code as spy software
used by governments, has established itself with the everyday consumer. And it
would appear no small number of people are willing to use this
technology…” says Vice.
The stolen data apparently showed personal images including some of children.
What to Do
Monitoring software has been around for a while, but
its use has rocketed according to Malwarebytes — up almost tenfold in the past
five years. And in a single three-month period, the security firm identified
more than 2,300 active programs.
Even if the stalkerware does have a seemingly legitimate purpose of tracking
kids, security flaws in tracking software have enabled records to be hacked and
often sold on.
It’s not always easy to check if you have certain cyberstalker apps installed
but a surge in your phone’s data usage could be a giveaway, or if your battery
drains quicker than usual.
But installing security software on your device — many people have
anti-malware software on their PCs but not on their smartphone — should flag
up the presence of snooping software.
Install it, run a scan, and then select and either block or uninstall the
program. If you don’t want to do this — say it’s an employer phone — at least
be aware of it or take professional advice on how to deal with it.
From then, or if the phone is “clean,” it’s up to you to manage
access to your mobile device, including keeping passcodes confidential.
Cyberstalker software is, of course, only one element of online stalking, and
some other types, such as creating false identities to monitor individuals’
social media, are equally dangerous.
We wrote about this a few years ago and it’s worth checking out this earlier
report outlining 15 steps to take to avoid cyberstalkers generally: https://scambusters.org/cyberstalking.html.
