All about spyware

When you go online, don't assume that your privacy is secure. Prying eyes often follow your activity-and your personal information-with a pervasive form of malicious software called spyware. In fact, it's one of the oldest and most widespread threats on the Internet, secretly infecting your computer without permission in order to initiate a variety of illegal activities. It's easy to fall prey to and can be hard to get rid of, especially since you're most likely not even aware of it. But relax; we've got your back with all you need to know about what spyware is, how you get it, what it tries to do to you, how to deal with it, and what to do to avoid future spyware attacks.

What is spyware?

Spyware. Although it sounds like a James Bond gadget, it’s actually a generic term for malicious software that infects your PC or mobile device and gathers information about you, your browsing and Internet usage habits, as well as other data.

No big surprise—spyware is sneaky, usually finding its way onto your computer without your knowledge or permission, attaching itself to your operating system, maintaining a presence on your PC. You might have even inadvertently given permission for the spyware to install itself when you agree to the terms and conditions of a seemingly legitimate program you downloaded without reading the fine print.

But no matter how spyware invades your PC, it runs quietly in the background, collecting information or monitoring your activities in order to trigger malicious activities related to your computer and how you use it. That includes capturing keystrokes, screen shots, authentication credentials, personal email addresses, web form data, Internet usage information, and other personal information, such as credit card numbers.

“Spyware runs quietly in the background, collecting information.”

And even if you discover its unwelcome presence on your system, it does not come with an easy uninstall feature.

How do I get spyware?

Spyware can infect your system in the same ways that any other malware does, by means of a Trojan, a virus, worm, exploit, and other types of malware. Here are a few of spyware’s main techniques to infect your PC or mobile device:

  • Security vulnerabilities. Here’s a top-of-the-list no-no: clicking on an unfamiliar link or attachment in an email, which either runs an executable attachment or links to a website program that downloads and runs (“executes”) a program. Even worse, it’s even possible that just visiting a malicious website and viewing a page and/or banner ad will result in a drive-by download. Or clicking some option in a deceptive pop-up window can trigger an infection. Even trading software or documents with friends may result in the stealthy delivery of a spyware program hidden within. That includes executable programs, music files, and documents. All it takes is one bad click.
  • Misleading marketing. Spyware authors love to present their spyware programs as useful tools to download. It might be an Internet accelerator, new download manager, hard disk drive cleaner, or an alternative web search service. Beware this kind of “bait,” because installing it can result in inadvertent spyware infection. And even if you eventually uninstall the “useful” tool that initially introduced the infection, the spyware remains behind and continues to function.
  • Software bundles. Who doesn’t love free software (freeware)? Except when it’s a host program that conceals a malicious add-on, extension, or plugin. They may look like necessary components, but they are nonetheless spyware, which, again, remains even if you uninstall the host application.
  • Misc. Trojans, worms, and backdoors often distribute spyware in addition to their primary malicious intent.
  • Mobile device spyware. Mobile spyware has been around since mobile devices became mainstream. Since mobile devices are small and users can’t see activity, these behaviors can run behind the scenes. Both Mac and Android devices become infected when you install an app with malicious code. These apps include legitimate apps recompiled with malcode, straight up malicious apps with a fake name, and apps with fake download links. Apps can also be secretly installed onto devices by abusers who want to stalk unsuspecting victims.

“Mobile spyware has been around since mobile devices became mainstream.”

Types of spyware

In most of the cases, the functionality of any spyware threat depends on the intentions of its authors. For example, some typical functions designed into spyware include the following:

    • Password stealers are applications designed to harvest passwords from infected computers. The types of collected passwords may include stored credentials from web browsers, system login credentials, and sundry critical passwords. These passwords may be kept in a location of the attackers’ choosing on the infected machine, or may be transmitted to a remote server for retrieval.
    • Banking Trojans are applications designed to harvest credentials from financial institutions. They take advantage of vulnerabilities in browser security to modify web pages, modify transaction content, or insert additional transactions, all in a completely covert fashion invisible to both the user and host web application. Banking Trojans may target a variety of financial institutions, including banks, brokerages, online financial portals, or digital wallets. They might also transmit collected information to remote servers for retrieval.
    • Infostealers are applications that scan infected computers and seek out a variety of information, including usernames, passwords, email addresses, browser history, log files, system information, documents, spreadsheets, or other media files. Like banking Trojans, Infostealers may exploit browser security vulnerabilities to collect personal information in online services and forums, then transmit the information to a remote server or store it on your PC locally for retrieval.
    • Keyloggers, also referred to as system monitors, are applications designed to capture computer activity, including keystrokes, websites visited, search history, email discussions, chatroom dialogue, and system credentials. They typically collect screenshots of the current window at scheduled intervals. Keyloggers may also collect functionality, allowing for stealthy capture and transmission of images and audio/video from any connected devices. They might even allow attackers to collect documents that are printed on connected printers, which can then be transmitted to a remote server, or stored locally for retrieval.

Latest spyware news

macOS vulnerability exposes users to spyware
Spyware disguised as antivirus
Spyware stalks domestic abuse victims

History of spyware

Public references to the term “spyware” date back to late 1996, when it appeared in an industry article. By 1999, it was used in an industry press release, described as we define it today. The term was an instant hit in the mass media and among its audiences. Soon after, in June 2000, the first anti-spyware application was released.

“References to spyware date back to 1996.”

In October 2004, America Online and the National Cyber-Security Alliance performed a survey. The result was startling. About 80% of all Internet users have their system affected by spyware, about 93% of spyware components are present in each of the computers, and 89% of the computer users were unaware of their existence. Out of the affected parties, almost all, about 95%, confessed that they never granted permission to install them.

At present, and in general, the Windows operating system is the more favorable target of the spyware applications, thanks to its widespread use. However, in recent years spyware developers have also turned their attention to the Apple platform, as well as to mobile devices.

Mac spyware

Spyware authors have historically concentrated on the Windows platform because of its large user base when compared to the Mac. However, the industry has seen a big jump in Mac malware in 2017, the majority of which is spyware. Although spyware authored for the Mac has similar behaviors as the Windows variety, most of the Mac spyware attacks are either password stealers or general-purpose backdoors. In the latter category, the spyware’s malicious intent includes remote code execution, keylogging, screen captures, arbitrary file uploads and downloads, password phishing, and so on.

“The industry has seen a big jump in Mac malware in 2017, the majority of which is spyware.”

In addition to malicious spyware, there's also so-called "legitimate" spyware for Macs. This software is actually sold by a real company, from a real website, usually with the stated goal of monitoring children or employees. Of course, such software is a two-edged sword, as it’s very often misused, providing the average user with a way of accessing spyware capabilities without needing any special knowledge.

Mobile spyware

Mobile spyware hides undetected in the background (creating no shortcut icon) on a mobile device and steals information such as incoming/outgoing SMS messages, incoming/outgoing call logs, contact lists, emails, browser history, and photos. Mobile spyware can also potentially log your keystrokes, record anything within the distance of your device’s microphone, secretly take pictures in the background, and track your device’s location using GPS. In some cases, spyware apps can even control devices via commands sent by SMS messages and/or remote servers. The spyware can send your stolen information via data transfer to a remote server or through email.

Also, it's not just consumers that mobile spyware criminals target. If you use your smartphone or tablet in the workplace, hackers can turn their attack to your employer organization through vulnerabilities in mobile devices. Moreover, your corporation’s incident response team may not detect breaches that originate through a mobile device.

Spyware breaches on smartphones commonly occur in three ways:

  • Unsecured free wi-fi, which is common in public places such as airports and cafes. If you log onto an unsecured network, the bad guys can see everything you do while connected. Pay attention to warning messages your device may give you, especially if it indicates that the server identity cannot be verified. Protect yourself by avoiding such unsecured connections.
  • Operating system (OS) flaws, which open up vulnerabilities that could let attackers infect a mobile device. Smartphone manufacturers frequently release OS updates to protect users, which is why you should install updates as soon as they are available (and before hackers try to infect out-of-date devices).
  • Malicious apps, which hide in seemingly legitimate applications, especially when they are downloaded from websites or messages instead of an app store. Here it’s important to look at the warning messages when installing applications, especially if they seek permission to access your email or other personal information. Bottom line: It’s best to stick to trusted sources for mobile apps and avoid any third-party apps.

Who do spyware authors target?

Unlike some other types of malware, spyware authors do not really target specific groups or people. Instead, most spyware attacks cast a wide net to collect as many potential victims as possible. And that makes everyone a spyware target, as even the slightest bit of information might find a buyer.

“Spyware attacks cast a wide net to collect as many potential victims as possible.”

For instance, spammers will buy email addresses and passwords in order to support malicious spam or other forms of impersonation. Spyware attacks on financial information can drain bank accounts, or can support other forms of fraud using legitimate bank accounts.

Information obtained through stolen documents, pictures, video, or other digital items can even be used for extortion purposes.

So, at the end of the day, no one is immune from spyware attacks, and attackers usually care little about whom they are infecting, as opposed to what they are after.

What do I do if I get infected?

If your spyware infection is working as designed, it will be invisible unless you’re technically savvy enough to know exactly where to look. You could be infected and never know. But if you suspect spyware, the first order of business is to make sure your system has been cleaned of any infection so that new passwords are not compromised. Get yourself a robust cybersecurity program with a reputation for aggressive spyware removal technology. Aggressive spyware removal thoroughly cleans up spyware artifacts and repairs altered files/settings.
After you have cleaned your system, think about contacting your financial institutions to warn of potential fraudulent activity. Depending on the compromised information on your infected machine, and especially if it is connected to a business or enterprise, you may be required by law to report breaches to law enforcement and/or make a public disclosure. If information is sensitive in nature, or involving the collection and transmission of images, audio, and/or video, you should contact local law-enforcement authorities to report potential violations of federal and state laws.

One last thing: Many purveyors of identity theft protection advertise their services to monitor for fraudulent transactions, or to place a freeze on your credit account to prevent any form of activity. Activating a credit freeze is definitely a good idea. However, Malwarebytes advises against purchasing identity theft protection.

“Many purveyors of identity theft protection advertise their services to monitor for fraudulent transactions…”

How do I protect myself from spyware?

The best defense against spyware, as with most malware, starts with your behavior. Follow these basics of good cyber self-defense:

  • Don’t open emails from unknown senders.
  • Don’t download files unless they come from a trusted source.
  • Mouse-over links before clicking on them and make sure you’re being sent to the right webpage.

But as people have gotten smarter about cyber self-defense, hackers have turned to more sophisticated spyware delivery methods, so installing a reputable cybersecurity program is necessary to counter advanced spyware.

Look for cybersecurity that includes real-time protection. Real-time protection automatically blocks spyware and other threats before they can activate on your computer. Some traditional cybersecurity or antivirus products rely heavily on signature-based technology—these products can be easily circumvented, especially by new threats.
You should also look out for features that block the delivery of spyware itself on your machine, such as anti-exploit technology and malicious website protection, which blocks websites that host spyware. The premium version of Malwarebytes has a solid reputation for spyware protection.

Digital life comes with ubiquitous dangers in the daily online landscape. Fortunately, there are straightforward and effective ways to protect yourself. Between a cybersecurity suite and commonsense precautions, you should be able to keep every machine you use free from spyware invasions and their malicious intent.
See all our reporting on spyware at Malwarebytes Labs. 

Cybersecurity info you can't do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Select your language