
'Stalkerware': The new name for spying tools & online harassment

26 Nov 2019

The term ‘stalkerware’ is something that most people may not be aware of, but it’s dangerous enough that a group of cybersecurity providers have banded together to do something about it.

Formed by founding partners such as Malwarebytes, Avira, Kaspersky, and Norton, the Coalition Against Stalkerware is a new pact to protect people from domestic violence, stalking, and harassment.

One of the group’s aims is to raise awareness of stalkerware and educate people about it. So what is stalkerware?

The Coalition Against Stalkerware explains that the definition of stalkerware is “software, made available directly to individuals, that enables a remote user to monitor the activities on another user’s device without that user’s consent and without explicit, persistent notification to that user in order to intentionally or unintentionally facilitate intimate partner surveillance, harassment, abuse, stalking, and/or violence.”

Stalkerware is also defined through four criteria:

  • Apps that are capable of tracking affected users, monitoring affected users’ behavior, viewing and/or recording affected users’ activity, and/or remotely controlling affected devices without affected users’ continuous consent and/or knowledge;
  • Apps that facilitate spying and monitoring without consent by hiding that they are installed, hiding their activity, and/or using a different name on affected devices after installation;
  • Apps – whose core functionality involves data exfiltration in the background – that share sensitive data of affected users (e.g., location data, contacts, call/text logs, browser history, etc.) with a remote user without the explicit consent of, and persistent notification to, affected users;
  • Apps that market themselves as being for spying and/or surveillance.

Stalkerware is now such an issue that there are more than 26,000 samples of stalkerware programs lurking. MobileTool, iSpyoo, FlexiSpy and Reptilicus are just a few of these programs.

While many of these programs operate under the pretense of child tracking apps, most are used to spy on adults, according to the group.

What’s more, stalkerware is generally illegal to use for spying purposes.

A study by the NortonLifeLock Research Group, Cornell Tech and New York University analysed billions of app installations on 50 million Android devices.

They used an algorithm called CreepRank to determine how many of those apps could be classed as ‘creepware’, which is another name for stalkerware.

“The findings from our manual coding analysis showed that 857 of CreepRank’s top 1,000 apps qualify as creepware, fulfilling a clear purpose pertaining to interpersonal attack or defense,” the researchers state.

“Overall, CreepRank identified more than a million installs of diverse creepware apps, including apps that enable spoofing (114 apps), harassment (80, including SMS bombers), hacking tutorials (63), and many more.”

The researchers believe that creepware is a widespread problem and it will be difficult to keep it out of app stores.

“New apps tend to rise in the place of removed apps, and developers attempt to obfuscate their app’s purpose in order to evade policy enforcement,” they state.

In other words, developers will avoid using certain words like ‘spy’ to get around possible blocks administered by app stores. The researchers suggest automated creepware detection that is manually verified by people, and eventually training AI to identify creepware threats.