SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
WeLiveSecurity reveals the eight things you should know about spyware
Tue, 21st Feb 2017

Spyware is defined as a “generic term for a range of surreptitious malware such as keyloggers, remote access trojans, and backdoor trojans, especially those that allow remote surveillance of passwords and other sensitive data”.

The term can also refer to “more aggressive adware”, which collects user information such as visited websites, installed applications, and other personal data.

Spyware today is a big problem for enterprises and consumers alike, especially given the recently reported variants infecting Android, Apple and Windows devices.

How does spyware work?

Like most malware, spyware finds its way onto your device without your knowledge or permission.

Spyware often looks to exploit software or web browser vulnerabilities. It does not spread like a virus or worm – instead, it installs itself by convincing the user to download bogus software, or to click on an ad. This will then download the spyware.

Other ways in which spyware can infest your machine include drive-by downloads (whereby spyware loads when you visit a page), phishing links and even bogus ‘anti-spyware’ tools. It can also be delivered through physical devices, like USB keys.

What types of spyware are there?

It's arguable that the word ‘spyware’ was first used in 1995, in a Usenet post; today, it is generally used to refer to four types of unwanted code: adware, system monitors, tracking cookies, and trojans.

Other examples include digital rights management capabilities that “phone home” to a command and control (C&C) center, keyloggers, rootkits and web beacons.

How can I detect if someone is spying on me?

Anti-spyware and malware solutions can help to scan your machine, while users should also look out for common symptoms like computer slowdown, crashes and mass pop-ups, as well as suspicious hard drive activity and running out of HD space.

How to avoid infection?

We've long been warned about the dangers of third-party app stores – and for good reason. Often these stores host counterfeit or even “genuine but repackaged” – and malware-infected – applications. These can seek to spy on your activities or steal confidential personal information.

As one recent example, a Netflix scam saw people infected with the SpyNote RAT posing as a genuine Netflix app and subsequently spying on user activity. As a general rule of thumb, avoid any stores outside of the usual App Store, Google Play or Windows Store mix.

Do spyware authors target Android and iOS?

Spyware has often been found on Android and iOS apps, and it is particularly successful on Google's Android operating system.

In September, Google removed four apps from Google Play after they were found with the ‘Overseer’ spyware. Meanwhile, more recently, the Pegasus iOS spyware allowed adversaries to silently jailbreak Apple devices, spy on victims and collect voice, camera, email, messaging, GPS and contact data.

These infected apps often look to steal contact and personal information and SMS messages, track devices and phone calls, capture keyboard outputs or perform DoS attacks. They could also force your device into a botnet.

Are governments engaged in or advocating the use of spyware?

Some countries have sought to use spyware to spy on dissidents, journalists and other citizens.

Hacking Team was a classic example of selling spyware tools to nefarious actors, while FinFisher (AKA FinSpy) was a high-end surveillance suite sold to law enforcement and intelligence agencies. Ironically, FinFisher later suffered a mega data breach of its own, an embarrassment for any company in the field of information security.

How do I remove spyware?

Removing spyware may sound complex, but, if done correctly, it can be fairly simple. The process will differ per device, but downloading spyware-blocker software, running security scans and removing temporary files is a good start.

Mobile users may also need to update software, remove applications or perform a factory reset.

Which browsers are the worst for spyware?

Microsoft's Internet Explorer browser is perhaps the most susceptible to spyware attacks, owing largely to the numerous security issues it has suffered through the years.

Its deep integration with the Windows environment makes it susceptible to attack on the Windows operating system.

Many users have installed a web browser other than Internet Explorer, such as Mozilla Firefox or Google Chrome, and most major browsers are now pretty adept at dealing with the threat.

In summary: Be security-conscious

Spyware is widely spread across the web, and is ever present on today's mobile and desktop devices. You should be security-conscious at all times and avoid clicking suspicious links or downloading unknown software. It's also advisable to use security software to keep yourself constantly protected.