Security Terminology Demystified: Spyware

You’re not paranoid. Someone is watching you.

All forms of malicious hack, attack and threat have their own personality. Ransomware is the furtive stranger down a dark alley, trojans are the muscle-bound thugs, and spyware is the creepy guy with the oily hair and a pocket full of secrets.

Spyware is, quite probably, the creepiest of the security threats. It watches you from your device, secretly observing you and sending information about you to whoever infected you in the first place.

The information it gathers can be used by the jealous husband to spy on his wife, it can be used to gain access to other systems and information to perpetrate an even more deadly hack (such as work secrets or bank details), or it can be sold on to marketing companies so you can enjoy another decade of extremely annoying phone calls.

Spyware collects, stores, and shares private information. It crosses personal boundaries, it invades offices, and it’s on the rise in new and horrible forms. Stalkerware, a type of spyware, has undergone an insane 373% increase in 2019.

These apps are designed to spy on people’s devices, tapping into their calls, messages and locations. What’s worse, they are openly sold on app stores for people to buy and use so they can listen in on calls, read private communications and really just invade someone’s personal space. You don’t know they’re there, but they know exactly where you are…

 

The definition

Spyware is hidden, secretive and nasty. It hides on your PC, your phone, your tablet, your notebook and everything else in between. And then it spies on you, stealing your private things and sharing them with other people and the world. It’s a type of malware and it is probably the most malicious. At least with other types of cyber threat you don’t feel quite as used and soiled as you do when you find out that someone has been spying on you.

Spyware can be used for multiple reasons. It can be used to spy on a person’s business accounts so that it can gain access to confidential business information, it can be used to track a person, it can be used to steal your identity, and so much more.

It achieves these nefarious ends by taking your ID number, phone number, bank records, email messages, login details, passwords and everything else that belongs to you. Every time you write a sentence, phone a friend or enter your bank details, the spyware knows about it.

There are the different types of spyware:

1. Trojan – oh yes, these muscle-bound thugs can pull the spyware into your system. They hide the spyware under their coats while pretending to be legitimate software applications or solutions.
2. Tracking cookies – not all cookies are created equal and these ones are the unpleasant underbelly of the internet world. They follow you around and track your internet activity and then sell this information on to marketing companies so they can capitalise on your interests.
3. Adware – this type of malware sends you adverts for things you’ll probably want and it also follows you around online. It slows your system down quite badly and often pop up adverts that you can’t get rid of or close.
4. Stalkerware – this fresh and shiny slice of horrible sits on your devices and literally stalks your every move.
5. Keylogger – this nasty beast records the keystrokes you make on your keyboard and then uses this information to access your private accounts. This particular type of spyware is very nasty as it really can help malicious criminals take your identity and your life.
6. Stealers – these forms of spyware are designed to steal your passwords and information.

Apple spies: In February 2019 Apple fixed a flaw in its devices that had potentially left iPhones open to hacking for up to two years. This flaw was found by Google researchers and the entire debacle came to light in August 2019. The researchers found 12 security flaws – seven in Safari – that allows the hacker to install malicious spyware. The vulnerability exposed iPhones to next level risk and Google gave Apple only a week to fix it before they revealed it to the world. It has, of course, not helped the relationship between the two competing companies. You can read all about the flaws and the issues right here on TechCrunch.

 

The threat

So, you probably want to know how spyware gets onto your device. Great question. The answer, however, is quite complex. Just as spyware comes in different forms, each type of spyware attacks your device in a different way.

Adware, for example, can sneak into your system through software you’ve downloaded or it can simply sneak into your system through a vulnerability when you visit an infected site. These infected sites don’t necessarily have to be extremely dodgy ones either, they can be highly reputable websites that were infected without their knowledge.

Some spyware is installed onto your device by someone else – this is often in the form of stalkerware that’s used by someone close to you to track your activity.

Many spyware infections (including adware infections from reputable sites) are the result of a ‘drive-by’ attack. You visit the site, the adware does a drive-by, you get infected because you have a flaw it could leverage. You can get infected because you click on an advert that happens to be malvertising – malware infected ads.

You can also be infected by opening an file, downloading an app, clicking on a po-up advert, opening an email attachment, clicking on a text message link, and downloading software.

Many successful spyware attacks come about thanks to what is known as a ‘watering hole attack’. Named after how lions and other predators hang about at watering holes and wait for their prey to come and drink, these attacks are designed to lie in wait for the unwary internet user.

Down by the watering hole:  Earlier in 2019, a nasty piece of spyware was discovered by researchers. This spyware was called Triout and it was shoved into the app Psiphon. What made this particularly nasty was not just how virulent and invasive it was, but how it was used. Psiphon is an app designed to help people in repressive regime countries gain full access to platforms such as Google Play. The app allowed them to live their best online life and it was hacked, packed with spyware and sent out into the world.

 

The protection

Don’t be that guy and get yourself enmeshed in the world of spyware and identity loss and theft. Follow these handy steps to protect your system, your mobile devices and your life:

• Download the latest version – Apps like Psiphon that have been hacked in the past are already several versions ahead of the hacked version. Make sure that any app you download is on the latest version, is secure and doesn’t pose any threats. Also, be careful of downloading apps that are not on Google Play or the App Store.
• Don’t open the attachment – Attachments are the bane of your security life. They pose more than just a spyware threat and are one of the most common attack vectors used by threat actors. Just don’t open the attachment unless you are 100% sure it comes from a reliable source.
• Don’t click on dodgy links – this really can open your system up to dangerous viruses, malware and spyware. The same goes for ads – avoid them. Rather go directly to the site and find the special offer from there.
• Lock your device – use your biometric fingerprint reader, use an unbreakable password or number combination and never leave your device unlocked. This will not only prevent other people from accessing your device but it will also protect your data if your device is stolen.
• Install the best possible antivirus and internet protection tools you can find – having an antivirus installed on your machine isn’t a nice to have, it’s essential. Look to a comprehensive solution such Norton Security Premium.
• Check for spyware regularly – use a solution such as Norton Power Eraser to find out if you have spyware and remove it.