Stalkerware in the year of COVID-19

Stalkerware, or covert monitoring and surveillance software used for stalking, remains a major problem according to a Kaspersky report, which found that a total of 53 870 global mobile users were affected by stalkerware in 2020.

The term stalkerware was coined when people started to widely use commercial spyware to spy on their spouses or intimate partners.

The report revealed that the situation has not improved much when compared to the year before. In 2019, the company discovered 67 500 affected mobile users.

Concurrently, when talking about improvements, it is important to take the pandemic into account as stalkerware is often used to digitally control the life of an intimate partner. The decline in instances from March to June 2020, when the world was in lockdown, is no surprise then.

Stalkerware is a form of cyber violence, and a worldwide phenomenon that affects countries irrespective of size, society, or culture.

Russia, Brazil, the US, India and Mexico are at the top of Kaspersky’s 2020 list of countries where users are most impacted. Germany is the first European country, occupying sixth place in the global rankings. Iran, Italy, the UK and, lastly, Saudi Arabia complete the ten most affected nations.

Victor Chebyshev, research development team lead at Kaspersky, says the number of users affected by stalkerware remains high and Kaspersky detects new samples every day.

“It’s important to remember that there is somebody’s real life story behind all these numbers, and sometimes there is a silent call for help. Therefore, we are sharing our part of the picture with the community working to end the use of stalkerware in order to have a better understanding of the issue. It is clear that we all need to share what we are finding so we can further improve detection and protection for the benefit of those affected by cyber violence,” he adds.

Since 2021, the security giant has joined forces with four partners to work on the EU-wide “DeStalk” project, which the European Commission chose to support with its Rights, Equality and Citizenship Program.

Prior to DeStalk in 2019, Kaspersky co-founded, along with nine other organisations, the Coalition Against Stalkerware, which now has 30 members from five continents. The Coalition aims to improve industry detection of stalkerware, mutual learning from non-profit organisations and companies, and raise public awareness.

In November last year, Kaspersky released a free anti-stalkerware tool called TinyCheck in order to help non-profit organisations support victims of domestic violence and protect their privacy. It detects stalkerware and informs affected users without making the perpetrator aware. The tool is supported by the IT security community and constantly updated with the help of that community.

Kaspersky says users can check if their mobile device has stalkerware installed by looking for the several signs:

1. Check permissions in installed apps. Stalkerware applications may be disguised under a fake app name with suspicious access to messages, call logs, location, and other personal activity.

2. Ddelete apps that are no longer being used. If the app has not been opened in a month or more, it is probably safe to assume it is no longer needed; and if this changes in the future, it can always be reinstalled.

3. Check "unknown sources" settings on Android devices. If "unknown sources" are enabled on your device, it might be a sign that unwanted software was installed from a third-party source.

4. Check the browser history. To download stalkerware, the perpetrator will have to visit certain Web pages the affected user does not know about. Alternatively, there could be no history at all if the abuser wiped it.

5. Use proven cyber security tools that offer protection against all kinds of mobile threats and which run regular checks on devices.

Kaspersky also advises users not to rush to remove stalkerware if found on the device as the abuser may notice.

It is crucial to bear in mind that the abuser may be a potential safety risk. In some cases, the person may escalate their abusive behaviours in response.

If stalkerware is found, contact local authorities and service organisations supporting victims of domestic violence – for assistance and safety planning. A list of relevant organisations in several countries can be found on www.stopstalkerware.org.

Consider whether any evidence of the stalkerware needs to be preserved before removing it. Trust your gut instinct and do what feels safest.