Kaspersky State of Stalkerware report reveals digital violence has increased

Woburn, MA – March 20, 2024 – Kaspersky has released its State of Stalkerware 2023 report, revealing that more than 31,000 mobile users worldwide were targeted by stalkerware, clandestine surveillance software often utilized by domestic abusers to monitor their victims.

Stalkerware typically masquerades as legitimate anti-theft or parental control apps on smartphones, tablets, and computers, but in reality, it is something very different. Usually installed without consent and notification of the person being tracked, these apps provide a perpetrator with the means to gain control over a victim’s life. Stalkerware capabilities vary depending on the application.

The State of Stalkerware is an annual report by Kaspersky which aims to provide a better understanding of the global number of people affected by digital stalking. In 2023, Kaspersky data reveals 31,031 unique individuals around the world were affected by stalkerware, a nearly six percent year-on-year increase (5.8%) increase of the 29,312 users affected in 2022. The figures reverse the downward trend of 2021, confirming digital stalking continues to be a global problem.

According to the Kaspersky Security Network, in 2023, users in Russia (9,890), Brazil (4,186), and India (2,492) were the top three countries most affected. Iran entered the top five in the previous year and remains. The United States ranged seventh, with 799 affected users – a drop from the fifth spot in 2022, when 1,295 users were affected. Germany dropped from seven to 10, while Saudi Ariba (ranked eighth in 2022) dropped out of the top ten. Compared to 2021, the top 10 affected countries have changed little.

Top 10 countries most affected by stalkerware in 2023

Stalking and violence – offline and online

Kaspersky also gathered survey data for the report, finding that the spectrum of abuse is diverse, with over one-third (39%) of survey respondents worldwide reporting experiences of violence or abuse from a current or previous partner. Of those questioned for the report, 23% of people worldwide revealed they have encountered some form of online stalking from someone they were recently dating. Furthermore, overall 40% reported experiencing stalking or suspecting being stalked.

On the other side, 12% admitted to installing or setting parameters on their partner's phone, while nine percent acknowledged pressuring their partner to install monitoring apps. Nevertheless, the notion of monitoring a partner without their awareness is disapproved by the majority of individuals (54%), reflecting a prevailing sentiment against such behavior. Regarding attitudes toward consensually monitoring a partner's online activities, 45 percent of respondents express disapproval, highlighting the significance of privacy rights. Conversely, 27 percent support full transparency in relationships, viewing consensual monitoring as appropriate, while 12 percent deem it acceptable only when mutual agreement is reached.

“These findings highlight the delicate balance individuals strike between intimacy and safeguarding personal information,” said David Emm, security and data privacy expert at Kaspersky. “It's positive to observe increased caution, especially regarding sensitive data like security device passwords. The reluctance to share such critical access aligns with cybersecurity principles. The willingness to share streaming service passwords and photos signifies a cultural shift, though individuals should recognize potential risks even in seemingly innocuous information sharing. These insights underscore the importance of fostering open communication within relationships, establishing clear boundaries, and promoting digital literacy. For security professionals, it reinforces the need for ongoing education on cybersecurity best practices and empowering individuals to make informed decisions about sharing personal information within relationships.”

The fight against stalkerware needs partnerships

In most countries around the world, use of stalkerware software is currently not prohibited but installing such an application on another individual’s smartphone without their consent is illegal and punishable. However, it is the perpetrator who will be held responsible, not the developer of the application. Along with other related technologies, stalkerware is one element of tech-enabled abuse and often used in abusive relationships.

“This report highlights both the prevalence of stalking behavior perpetrated with technology and the related perceptions on privacy within intimate partner relationships,” Erica Olsen, senior director, Safety Net Project, National Network to End Domestic Violence (NNEDV). “The use of stalkerware or any tool to monitor someone else without their consent is a violation of privacy and a common tactic of abuse. This report demonstrates how abusive individuals use a wide range of monitoring tactics, including both stalkerware and other applications that facilitate the sharing of personal information.

“The report also explored the norms and perspectives on privacy within intimate partner relationships. A significant portion of respondents reported they would willingly share some information, whether for safety reasons or otherwise. A small percentage, 4%, stated they reluctantly agreed to monitoring at their partner’s insistence – this is not the same as consent. It’s important to create a clear distinction between consensual sharing and non-consensual monitoring. Consent is agreement free of force or coercion.”

“The statistics highlighted in this report are really concerning, but we are sadly not surprised,” said Emma Pickering, head of Technology-Facilitated Abuse and Economic Empowerment Team at Refuge said. “Here at Refuge, we are seeing an alarming increase in survivors reporting concerns relating to stalkerware. As these statistics reveal, the issue of stalkerware is a widespread concern.

“It is likely that we are seeing this due to an increase in stalkerware features within parental monitoring Apps making the ability to stalk ever more accessible. While we are actively looking for stalkerware that is intended towards monitoring your ex-partner there are many other forms of stalkerware available that is aimed towards an audience who download the Apps without understanding the full features, or to be used for other nefarious reasons. 

“It is also very important to note that we rarely see any form of tech abuse used in isolation. Alongside stalkerware, abusers are often misusing other forms of technology to cause harm and distress. This is why we should always ensure, as agencies, we are completing a detailed tech assessment and supporting survivors to regain access to all accounts and devices. For this reason, it is imperative that we continue to work together with the wider tech community to understand the technology being used, to try to prevent it being used for harm and to try and build in safety by design collaboratively.

“Sadly, we recognise that for many survivors setting passwords on devices or not sharing the device or password is not a luxury they are afforded. We do advise if anyone is concerned, to always use a safe device to make contact with an agency for support, and that for any sensitive conversations, emails or searches, that they do not conduct these on the device that they are worried may being monitored.”

Stalkerware is not only a technical problem, but an expression of a problem which requires action from all sections of society. Kaspersky is not only actively committed to protecting users from this threat but also maintaining a multilevel dialogue with nonprofit organizations, industry, research and public agencies around the world to work together on solutions that tackle the issue.

In 2019, Kaspersky was the first cybersecurity company in the industry to develop a new attention-grabbing alert that clearly notifies users if stalkerware is found on their device. While Kaspersky’s solutions have been flagging potentially harmful apps that are not malware – including stalkerware – for many years, the new notifications function alerts the user to the fact that an app has been found on their device that may be able to spy on them.

As this is part of a wider problem, Kaspersky is working with relevant experts and organizations in the field of domestic violence, ranging from victim support services and perpetrator programs through to research and government agencies, to share knowledge and support professionals and victims alike. 

In 2019, Kaspersky also co-founded the Coalition Against Stalkerware, an international working group against stalkerware and domestic violence that brings together private IT companies, NGOs, research institutions, and law enforcement agencies working to combat cyberstalking and help victims of online abuse. Through a consortium of more than 40 organizations, stakeholders can share expertise and work together to solve the problem of online violence. In addition, the Coalition's website, which is available in seven different languages, provides victims with help and guidance in case they may suspect stalkerware is present on their devices.

Read the full report looking on stalkerware threats in 2023 on Securelist.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help over 220,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Media Contact

Sawyer Van Horn

sawyer.vanhorn@Kaspersky.com

(781) 503-1866