All about spyware
When you go online, don’t assume that your privacy is secure. Prying eyes often follow your activity—and your personal information—with a pervasive form of malicious software called spyware. In fact, it’s one of the oldest and most widespread threats on the Internet, secretly infecting your computer in order to initiate a variety of illegal activities, including identity theft or a data breach. It’s easy to fall prey to and can be hard to get rid of, especially since you’re most likely not even aware of it. But relax; we’ve got your back with all you need to know about what spyware is, how you get it, what it tries to do to you, how to deal with it, and what to do to avoid future spyware attacks.
What is spyware?
Spyware. Although it sounds like a James Bond gadget, it’s actually a type of malware that infects your PC or mobile device and gathers information about you, including the sites you visit, the things you download, your usernames and passwords, payment information, and the emails you send and receive.
No big surprise—spyware is sneaky. It finds its way on to your computer without your knowledge or permission, attaching itself to your operating system. You might even inadvertently permit spyware to install itself when you agree to the terms and conditions of a seemingly legitimate program without reading the fine print.
Whatever way spyware manages to get on your PC, the method of operation is generally the same—it runs quietly in the background, maintaining a secret presence, collecting information or monitoring your activities in order to trigger malicious activities related to your computer and how you use it. And even if you discover its unwelcome presence on your system, Spyware does not come with an easy uninstall feature.
“Spyware runs quietly in the background, collecting information.”
How do I get spyware?
Spyware can infect your system in the same ways as any other form of malware. Here are a few of spyware’s main techniques to infect your PC or mobile device.
- Security vulnerabilities, e.g. backdoors and exploits. An exploit is a security vulnerability in your device’s hardware or software that can be abused or exploited to gain unauthorized access. Software vulnerabilities are also known as “software bugs” or just “bugs” for short. Exploits are an unintentional byproduct of hardware and software manufacturing. Mistakes happen and bugs manage to find their way in to even the most polished consumer technology. Backdoors, on the other hand, are put in place on purpose as a way to quickly gain access to your system after the fact. Sometimes the hardware and software makers themselves put the backdoors in. More often than not, however, cybercriminals will use an exploit to gain initial access to your system then install a permanent backdoor for future access.
- Phishing and spoofing. These two threats are often used in tandem. Phishing happens whenever criminals try to get you to perform some sort of action such as clicking a link to a malware-laden website, opening an infected email attachment (aka malspam), or giving up your login credentials. Spoofing refers to the act of disguising phishing emails and websites so that they appear to be from and by individuals and organizations you trust.
- Misleading marketing. Spyware authors love to present their spyware programs as useful tools to download. It might be an Internet accelerator, new download manager, hard disk drive cleaner, or an alternative web search service. Beware this kind of “bait,” because installing it can result in inadvertent spyware infection. And even if you eventually uninstall the “useful” tool that initially introduced the infection, the spyware remains behind and continues to function.
- Software bundles. Who doesn’t love free software (freeware)? Except when it’s a host program that conceals a malicious add-on, extension, or plugin. Bundleware may look like necessary components, but they are nonetheless spyware, which, again, remains even if you uninstall the host application. Making matters worse, you may find that you actually agreed to install the spyware when you accepted the terms of service for the original application.
- Trojans. Broadly speaking, if malware pretends to be something it’s not—that means it’s a Trojan. That said, most Trojans today are not threats in and of themselves. Rather, cybercriminals use Trojans to deliver other forms of malware, like cryptojackers, ransomware, and viruses.
- Mobile device spyware. Mobile spyware has been around since mobile devices became mainstream. Mobile spyware is especially devious since mobile devices are small and users generally can’t see what programs are running in the background as easily as they might on their laptop or desktop. Both Mac and Android devices are vulnerable to spyware. These apps include legitimate apps recompiled with harmful code, straight up malicious apps posing as legitimate ones (often with names resembling popular apps), and apps with fake download links.
“Mobile spyware has been around since mobile devices became mainstream.”
Types of spyware
In most of the cases, the functionality of any spyware threat depends on the intentions of its authors. For example, some typical functions designed into spyware include the following.
- Password stealers are applications designed to harvest passwords from infected computers. The types of collected passwords may include stored credentials from web browsers, system login credentials, and sundry critical passwords. These passwords may be kept in a location of the attacker’s choosing on the infected machine or may be transmitted to a remote server for retrieval.
- Banking Trojans (e.g. Emotet) are applications designed to harvest credentials from financial institutions. They take advantage of vulnerabilities in browser security to modify web pages, modify transaction content, or insert additional transactions, all in a completely covert fashion invisible to both the user and host web application. Banking Trojans may target a variety of financial institutions, including banks, brokerages, online financial portals, or digital wallets. They might also transmit collected information to remote servers for retrieval.
- Infostealers are applications that scan infected computers and seek out a variety of information, including usernames, passwords, email addresses, browser history, log files, system information, documents, spreadsheets, or other media files. Like banking Trojans, infostealers may exploit browser security vulnerabilities to collect personal information in online services and forums, then transmit the information to a remote server or store it on your PC locally for retrieval.
- Keyloggers, also referred to as system monitors, are applications designed to capture computer activity, including keystrokes, websites visited, search history, email discussions, chatroom dialogue, and system credentials. They typically collect screenshots of the current window at scheduled intervals. Keyloggers may also collect functionality, allowing for stealthy capture and transmission of images and audio/video from any connected devices. They might even allow attackers to collect documents that are printed on connected printers, which can then be transmitted to a remote server, or stored locally for retrieval.
- Pegasus spyware has been here for years. We must stop ignoring it
- Watch out! Android Flubot spyware is spreading fast
- Android “System Update” malware steals photos, videos, GPS location
- Stalkerware advertising ban by Google a welcome, if incomplete, step
- Malwarebytes teams up with security vendors and advocacy groups to launch Coalition Against Stalkerware
- Parental monitoring apps: How do they differ from stalkerware?
- When spyware goes mainstream
- Unpacking the spyware disguised as antivirus
History of spyware
As with much Internet discourse, it’s difficult to pin down exactly where “spyware” as a word and a concept originated. Public references to the term date back to Usenet discussions happening in the mid-90s. By the early 2000s, “spyware” was being used by cybersecurity companies, in much the same way we might use the term today; i.e. some sort of unwanted software program designed to spy on your computer activity.
In June 2000, the first anti-spyware application was released. In October 2004, America Online and the National Cyber-Security Alliance performed a survey. The result was startling. About 80% of all Internet users have their system affected by spyware, about 93% of spyware components are present in each of the computers, and 89% of the computer users were unaware of their existence. Out of the affected parties, almost all, about 95%, confessed that they never granted permission to install them.
At present, and in general, the Windows operating system is the preferred target for spyware applications, thanks largely to its widespread use. However, in recent years spyware developers have also turned their attention to the Apple platform, as well as to mobile devices.
Spyware authors have historically concentrated on the Windows platform because of its large user base when compared to the Mac. However, the industry has seen a big jump in Mac malware since 2017, the majority of which is spyware. Although spyware authored for the Mac has similar behaviors as the Windows variety, most of the Mac spyware attacks are either password stealers or general-purpose backdoors. In the latter category, the spyware’s malicious intent includes remote code execution, keylogging, screen captures, arbitrary file uploads and downloads, password phishing, and so on.
“The industry has seen a big jump in Mac malware in 2017, the majority of which is spyware.”
In addition to malicious spyware, there’s also so-called “legitimate” spyware for Macs. This software is actually sold by a real company, from a real website, usually with the stated goal of monitoring children or employees. Of course, such software is a two-edged sword, as it’s very often misused, providing the average user with a way of accessing spyware capabilities without needing any special knowledge.
Mobile spyware hides undetected in the background (creating no shortcut icon) on a mobile device and steals information such as incoming/outgoing SMS messages, incoming/outgoing call logs, contact lists, emails, browser history, and photos. Mobile spyware can also potentially log your keystrokes, record anything within the distance of your device’s microphone, secretly take pictures in the background, and track your device’s location using GPS. In some cases, spyware apps can even control devices via commands sent by SMS messages and/or remote servers. The spyware can send your stolen information via data transfer to a remote server or through email.
Also, it’s not just consumers that mobile spyware criminals target. If you use your smartphone or tablet in the workplace, hackers can turn their attack to your employer organization through vulnerabilities in mobile devices. Moreover, your corporation’s incident response team may not detect breaches that originate through a mobile device.
Spyware breaches on smartphones commonly occur in three ways:
- Unsecured free wi-fi, which is common in public places such as airports and cafes. If you log onto an unsecured network, the bad guys can see everything you do while connected. Pay attention to warning messages your device may give you, especially if it indicates that the server identity cannot be verified. Protect yourself by avoiding such unsecured connections.
- Operating system (OS) flaws, which open up exploits that could let attackers infect a mobile device. Smartphone manufacturers frequently release OS updates to protect users, which is why you should install updates as soon as they are available (and before hackers try to infect out-of-date devices).
- Malicious apps, which hide in seemingly legitimate applications, especially when they are downloaded from websites or messages instead of an app store. Here it’s important to look at the warning messages when installing applications, especially if they seek permission to access your email or other personal information. Bottom line: It’s best to stick to trusted sources for mobile apps and avoid any third-party apps.
Who do spyware authors target?
Unlike some other types of malware, spyware authors do not really target specific groups or people. Instead, most spyware attacks cast a wide net to collect as many potential victims as possible. And that makes everyone a spyware target, as even the slightest bit of information might find a buyer.
“Spyware attacks cast a wide net to collect as many potential victims as possible.”
For instance, spammers will buy email addresses and passwords in order to support malicious spam or other forms of impersonation. Spyware attacks on financial information can drain bank accounts or can support other forms of fraud using legitimate bank accounts.
Information obtained through stolen documents, pictures, video, or other digital items can even be used for extortion purposes.
So, at the end of the day, no one is immune from spyware attacks, and attackers usually care little about whom they are infecting, as opposed to what they are after.
How do I remove spyware?
If your spyware infection is working as designed, it will be invisible unless you’re technically savvy enough to know exactly where to look. You could be infected and never know. But if you suspect spyware, here’s what to do.
- The first order of business is to make sure your system has been cleaned of any infection so that new passwords are not compromised. Get yourself a robust cybersecurity program with a reputation for aggressive spyware removal technology. Malwarebytes, for example, thoroughly cleans up spyware artifacts and repairs altered files and settings.
- After you have cleaned your system, think about contacting your financial institutions to warn of potential fraudulent activity. Depending on the compromised information on your infected machine, and especially if it is connected to a business or enterprise, you may be required by law to report breaches to law enforcement and/or make a public disclosure.
- If stolen information is sensitive in nature or involves the collection and transmission of images, audio, and/or video, you should contact local law-enforcement authorities to report potential violations of federal and state laws.
- One last thing: Many purveyors of identity theft protection advertise their services to monitor for fraudulent transactions, or to place a freeze on your credit account to prevent any form of activity. Activating a credit freeze is definitely a good idea. If you’re offered free identity theft monitoring as part of the settlement from a data breach, there’s no harm in signing up. However, Malwarebytes advises against purchasing identity theft protection.
“Many purveyors of identity theft protection advertise their services to monitor for fraudulent transactions…”
How do I protect myself from spyware?
The best defense against spyware, as with most malware, starts with your behavior. Follow these basics of good cyber self-defense.
- Don’t open emails from unknown senders.
- Don’t download files unless they come from a trusted source.
- Mouse-over links before clicking on them and make sure you’re being sent to the right webpage.
- Use a reputable cybersecurity program to counter advanced spyware. In particular, look for cybersecurity that includes real-time protection.
A quick note about real-time protection. Real-time protection automatically blocks spyware and other threats before they can activate on your computer. Some traditional cybersecurity or antivirus products rely heavily on signature-based technology—these products can be easily circumvented by today’s modern threats.
You should also look out for features that block the delivery of spyware itself on your machine, such as anti-exploit technology and malicious website protection, which blocks websites that host spyware. The premium version of Malwarebytes has a solid reputation for spyware protection.
Digital life comes with ubiquitous dangers in the daily online landscape. Fortunately, there are straightforward and effective ways to protect yourself. Between a cybersecurity suite and commonsense precautions, you should be able to keep every machine you use free from spyware invasions and their malicious intent.
See all our reporting on spyware at Malwarebytes Labs.