Stalkerware — the threat is still there

What is stalkerware, how widespread is the problem, and what is the relationship between domestic and digital abuse.

Have you ever seen a movie or TV show where the stalker finds out everything about their victim by means of a spying app on their phone? Such plot twists often seem over-the-top: how can an ordinary person with no special technical skills really pull something like that off? Unfortunately, this is indeed possible with stalkerware — tracking apps that make it possible to covertly collect information about a phone’s owner. These apps can:

  • Read text messages, as well as messages on social media and in messaging apps like WhatsApp, Telegram, Signal, and so on;
  • View contact lists and call histories;
  • Track victims’ locations;
  • Collect data from calendars — planned meetings, events, and so on;
  • View photos stored on phones;
  • Take screenshots and front-camera photos.

Stalkerware is a dangerous tool used for digital abuse, which domestic abusers often use to control their victims. Public organizations focused on the issue of domestic abuse — such as the National Network to End Domestic Violence and the European Network for the Work with Perpetrators of Domestic Violence — note that physical violence and digital abuse often go hand in hand.

Over the last four years the Kaspersky team has regularly issued reports on the current situation regarding stalkerware, in particular using data provided by the Kaspersky Security Network (KSN) — a global network for exchanging information on cyberthreats. This year’s final report also includes results of a survey on digital abuse commissioned by Kaspersky and several public organizations. More than 21,000 respondents from 21 countries participated in the survey.

Prevalence of stalkerware in 2021

The data obtained from Kaspersky Security Network shows that in 2021, about 33,000 unique users of the system were affected by stalkerware. This is an historic low. By comparison, in 2020 nearly 54,000 people were affected by such apps, and in 2019 — more than 67,000.

The number of unique users affected by stalkerware in 2018-2021

Does this mean the threat is gradually receding? Unfortunately not. This decrease correlates with the aftermath of the pandemic. Because of lockdowns, abusers — stalkerware’s main user base — did not need any additional tools for spying on and controlling their victims over the last two years. After all, they were literally locked down at home together.

Aside from that, it is important to understand that the methods of stalking continue to evolve. Among the participants of our survey who reported that their intimate partners were spying on them using technology (of course, this does not take into account those who were not aware of such spying), the distribution of stalking tools was as follows:

  • Mobile apps — 50%
  • Tracking devices (for example, AirTags — keychains for easy-to-lose items) — 29%
  • Laptop apps — 27%
  • Webcams — 22%
  • Smart home systems — 18%
  • Fitness trackers — 14%

Out of this list, only mobile apps are part of the statistics we collected using KSN. In other words, we are seeing just part of the whole picture.

It is also important to understand that these statistics include only data from users who consent to provide it to KSN. The Coalition Against Stalkerware — an organization which brings together representatives of the IT industry and non-profit companies — believes that the overall number of users affected by this threat might be 30 times higher. In other words, according to this assessment, about a million people worldwide fall victim to stalkerware every year.

As for the geographical spread, most stalkerware victims among the users of KSN were from Russia, Brazil, and the U.S.A. — similar to the picture in both 2019 and 2020.

Legality of stalkerware

The legal framework governing digital abuse — stalkerware in particular — varies in different countries. In most cases, recording users’ actions without their consent is illegal. Stalking software perfectly fits this description. But it is important to understand that the legal liability for such stalkerware can lie with the person using it rather than its developer.

Thus, stalkerware exists in a kind of gray area. The combination of functions that make up stalkerware is definitely illegal at least in some jurisdictions, but many countries do not directly forbid its development and distribution. However, it is becoming more regulated. For example, in April 2021, the U.S. Federal Trade Commission for the first time banned an app developer from selling stalkerware.

Nevertheless, surveillance apps are actively distributed online. In rare cases, you can even download stalkerware from official marketplaces. It usually presents itself as an anti-theft or parental-control app. These types of applications have similar functions to stalkerware, but there’s a distinct difference: stalkerware operates hidden from users and without their consent.

How to protect yourself against stalkerware

There are a few things you can do to lower the risk of getting stalkerware onto your device:

  • Set a complex alphanumeric password of at least eight characters on your phone. Do not give it to anyone! Change your password regularly — for example, every few months.
  • Be careful about who has physical access to your phone. Leave it unattended as little as possible.
  • Download apps only from official stores. Always pay attention to the comments, ratings, and functions of the application.
  • Install trustworthy security software on your device. Make sure that the security solution you choose can detect stalkerware. For example, Kaspersky mobile antivirus can definitely do that.

What to do if stalkerware is already on your device

If your device battery and mobile data are running out too fast, it could be a sign that you have stalkerware on your device. Stalker applications actively use up your device’s resources because they need to constantly maintain a connection with the servers controlling them. Owners of Android devices should also pay attention to applications that hold dangerous permissions. If there are unknown names on the list, that’s a serious cause for concern: you don’t know who installed these unfamiliar applications, when, or why.
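
The permission check described above can be sketched as follows. This is an added example, not code from the article or from Kaspersky: it reads a constructed listing loosely modelled on `adb shell dumpsys package` output (real output varies by Android version) and lists unrecognised apps that hold several of the permissions behind the capabilities named earlier. The package names, `known_apps` and `threshold` are hypothetical; legitimate apps also hold these permissions, so the result is a list to review, and nothing is removed or changed.

```python
import re

# Runtime permissions behind the capabilities the article lists.
SENSITIVE = {
    "android.permission.READ_SMS": "text messages",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "call history",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_CALENDAR": "calendar",
    "android.permission.CAMERA": "camera",
}

# Constructed sample (not from a real device); package names are hypothetical.
SAMPLE = """\
Package [com.example.camera] (1a2b):
  runtime permissions:
    android.permission.CAMERA: granted=true
    android.permission.ACCESS_FINE_LOCATION: granted=false
Package [com.example.syncservice] (3c4d):
  runtime permissions:
    android.permission.READ_SMS: granted=true
    android.permission.READ_CONTACTS: granted=true
    android.permission.READ_CALL_LOG: granted=true
    android.permission.ACCESS_FINE_LOCATION: granted=true
Package [com.example.messenger] (5e6f):
  runtime permissions:
    android.permission.READ_SMS: granted=true
    android.permission.READ_CONTACTS: granted=true
    android.permission.CAMERA: granted=true
"""

PKG_RE = re.compile(r"^Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s+([\w.]+): granted=(true|false)")

def granted_sensitive(dump):
    """Return {package: set of sensitive capabilities actually granted}."""
    by_pkg, current = {}, None
    for line in dump.splitlines():
        pkg, perm = PKG_RE.match(line), PERM_RE.match(line)
        if pkg:
            current = by_pkg.setdefault(pkg.group(1), set())
        elif perm and current is not None and perm.group(2) == "true":
            if perm.group(1) in SENSITIVE:
                current.add(SENSITIVE[perm.group(1)])
    return by_pkg

def review_list(dump, known_apps, threshold=3):
    """Apps the owner does not recognise that hold >= threshold capabilities."""
    return {pkg: sorted(caps) for pkg, caps in granted_sensitive(dump).items()
            if pkg not in known_apps and len(caps) >= threshold}
```

Calling `review_list(SAMPLE, known_apps={"com.example.messenger"})` leaves only the unrecognised `com.example.syncservice` entry, together with the capabilities it has been granted.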

Here it’s worth clarifying that the risk for Android smartphones is typically higher than for iPhones, since the latter operate on a system that is much more closed in nature. However, Apple fans cannot completely relax. An iPhone can be jailbroken to bypass security restrictions, though physical access to the device is needed for that.

You should also keep in mind that stalkerware could already be installed on your phone if you received it as a gift. And it doesn’t necessarily have to be physically installed by the person who gifts it to you: there are companies that provide a service of installing stalkerware on new phones and delivering them in their original packaging.

We cannot recommend that you remove a tracking app if you discover one on your phone. The stalker will sooner or later find out, which can often lead to further problems. To help protect victims from stalkerware, our team has developed TinyCheck — a tool which allows you to discreetly check your device for spyware. You don’t install TinyCheck on your phone, but rather on a separate external device: a Raspberry Pi microcomputer. This device functions as an intermediary between your Wi-Fi router and your phone. After installation, TinyCheck analyses your device’s internet traffic in real time. Based on that, you can understand if there is stalkerware on your phone: if it is sending a lot of data to known spyware servers, TinyCheck will tell you.

You need some technical knowledge to use TinyCheck, and using it at home can be risky and unproductive. The good news is that nonprofit organizations use this tool to help victims of domestic violence. And not only nonprofits — for example, law enforcement agencies in the UK also use TinyCheck to help victims of abuse.

Here’s what Bruno Pérez Juncá, honorary member of the Stop Gender Violence Association, thinks about TinyCheck: “I have been with gender violence associations for many years and TinyCheck is what the victims and the general population need. TinyCheck is similar to an antigens test, a quick, economic and reliable test to perform an initial inspection to identify a mobile infection.”

If you’ve read this text and you now suspect that there is stalkerware on your device, to protect yourself we recommend the following:

  • Contacting a local support group. You can find a list of them on the Coalition Against Stalkerware website;
  • Not attempting to remove any stalkerware yourself. The person who installed it might switch from digital abuse to physical violence.

In closing, we would like to state that the Kaspersky team is open to collaboration with organizations that work to protect victims of domestic violence.