Malwarebytes teams up with security vendors and advocacy groups to launch Coalition Against Stalkerware

Malwarebytes teams up with security vendors and advocacy groups to launch Coalition Against Stalkerware

Today, Malwarebytes is announcing its participation in a joint effort to stop invasive digital surveillance: the Coalition Against Stalkerware.

For years, Malwarebytes has detected and warned users about the potentially dangerous capabilities of stalkerware, an invasive threat that can rob individuals of their expectation of, and right to, privacy. Just like the domestic abuse it can enable, stalkerware also proliferates away from public view, leaving its victims and survivors in isolation, unheard and unhelped.

The Coalition Against Stalkerware is the next necessary step in stopping this digital threat—a collaborative approach steered by the promise of enabling the safe use of technology for everyone, everywhere. The coalition includes representatives from cybersecurity vendors, domestic violence organizations, and the digital rights space.

Our coalition’s founding members are Malwarebytes, Avira, Kaspersky, G Data, Norton Lifelock, National Network to End Domestic Violence, Electronic Frontier Foundation, Operation Safe Escape, WEISSER Ring, and the European Network for the Work with Perpetrators of Domestic Violence. Martijn Grooten, editor of Virus Bulletin, is serving as a special advisor.

Already, the coalition has produced results.

In the past month, both Malwarebytes and Kaspersky shared research and intelligence on stalkerware with one another. This exchange has improved the detection rate for both our products, but more than that, it has improved the safety of users everywhere.

Further, coalition members have taken on the task of defining stalkerware and creating its detection criteria, crucial steps in empowering the cybersecurity industry to better understand this threat and how to fight it.

Finally, the coalition’s website, StopStalkerware.org, includes information for domestic abuse survivors and advocates, including links to external resources, information about state laws, recent news articles, and survivors’ stories.

With this group, we are making a call to the broader cybersecurity industry: If you have ever made a promise to protect people, now is the time to uphold that promise. Stalkerware is a known, documented threat, and you can help stop it.

Join our fight. You’ll be in good company.

Our journey against invasive monitoring apps

In 2019, Malwarebytes began a recommitment to detecting and stopping apps that could invasively monitor users without their knowledge. These types of programs, which we classify as “monitor” or “spyware” in our product, can provide domestic abusers with a new avenue of control over their survivors’ lives, granting wrongful, unfettered access to text messages, phone calls, emails, GPS location data, and online browsing behavior.

In this effort, we’ve analyzed more than 2,500 samples of programs that had been flagged in research algorithms as potential monitoring/tracking apps or spyware. We grew our database of known monitoring/spying apps to include more than 100 applications that no other vendor detects and more than 10 that were, as of October 1, still on the Google Play Store.

Further, we’ve written multiple blogs for domestic abuse survivors and advocates on what to do if they have these types of apps on their phones, how to protect against them, and how organizations supporting victims of stalking can secure their data. In the summer, we also offered cybersecurity advice to domestic abuse advocates and survivors for the National Network to End Domestic Violence’s Technology Summit in San Francisco.

We are proud of our work, but we cannot ignore an important fact—it was not conducted in isolation.

Our blogs relied on the expertise of several domestic abuse advocates, along with the published work of researchers in intimate partner violence and digital rights. Our invitations to local community justice centers were as much about presenting as they were about learning. Our meetings with local law enforcement taught us about difficulties in collecting evidence of these invasive apps, and how domestic abusers can slip through the cracks of legal enforcement.

Every time we reached out, we learned more and we improved. With the Coalition Against Stalkerware, we hope to deepen these efforts.

ABOUT THE AUTHOR

David Ruiz

Pro-privacy, pro-security editor. Former journalist turned advocate turned cybersecurity defender. Still a little bit of each. Failing book club member.