What is Spyware?
Spyware is sneaky, and it's very good at hiding itself. Usually, it does this by attaching itself to your operating system and running in the background as a memory-resident program. Sometimes it even disguises itself as a file that is innocent and a vital part of your OS.
Spyware can even arrive attached to apparently legitimate programs. If you look carefully, it's probably mentioned in the small print. It's more likely to arrive attached to dodgy downloads or via a phishing attack.
Government agencies are even able to insert spyware via iTunes, according to German magazine Der Spiegel. The installed software, like FinFisher, can allow them to snoop on Facebook and Skype, as well as go through your emails. And if governments can do it, you can bet criminals everywhere will be trying to get their hands on that functionality.
Spyware can be installed on any device - a PC or laptop, a tablet, iPhone, or Android smartphone. Computers were the original focus for spyware creators, but now spyware can be found taking advantage of vulnerabilities in Android phones, iPhones, and tablets, too.
In this article we'll describe the types of spyware you might want to look out for, tell you how to detect them on your computer or smartphone, and show you how to eradicate them. We'll also give you some tips about how to detect spyware on both Android phones and iPhones, so that whichever kind of mobile device you own, you're covered. This should give you everything you need to know to protect your privacy.
Types of spyware
Different types of spyware are focused on monitoring different types of information. For instance, some are relatively innocent and simply want to track your web browsing behavior to send the data to advertisers. Some track your contacts or geographical location. Others are plainly criminal in intent, focusing on the theft of network credentials and passwords.
Let's look at the main groups of spyware to see what they do and how they do it:
- Keyloggers attempt to capture computer activity by reporting keyboard inputs. The information stolen can include websites you visited, system credentials and passwords, and your internet search history.
- Password stealers are designed to harvest passwords from any infected device or computer. Those passwords can include stored web passwords, system logins, or network credentials. Password stealers can also steal cookies to enable them to use websites with your ID.
- Banking trojans modify web pages to take advantage of browser security lapses. They may spoof bank websites so that users attempt to carry out transactions on a fake site, as well as logging keystrokes and stealing credentials. They can modify transactions (for instance sending money to the cybercriminal's account instead of the intended account) or transmit collected information to another server.
- Info stealers scan PCs for information such as usernames and passwords, credit card numbers, and email addresses. They might also take all your email contacts so they can spam them with phishing emails.
- Mobile spyware can track your geographical location, your call logs, contact lists and even photos taken on your camera phone.
- Sound recording and video spyware can use your device to record your conversations and send the information to a third party. Some smartphone apps require access to laptop or smartphone cameras and microphones; this permission could be used to record you at any time, upload photos and sound without telling you, livestream your camera onto the internet, and run facial recognition software on your face.
- Cookie trackers can report your data to advertisers. You might not mind - but how can you be sure exactly what the software is reporting?
Some banking spyware even cooperates with similar malware to drop a double payload. For instance, Emotet 'dropped' Dridex. Even when PC owners eradicated Emotet, the other spyware could still have been left running. Increasingly, different types of spyware come bundled with each other, so you're not facing a single threat but a multiple and complex one.
All these spyware programs are dangerous - but fortunately there are ways to guard against them.
How you get spyware
How does spyware arrive on your computer or smartphone? It can arrive in several ways.
First, it could be installed deliberately by someone else to track you. That's one reason you need to use the screen lock capability on your phone - don't leave it sitting around and open to interference.
More likely, the spyware accompanied a program or app that you installed yourself. Spyware often accompanies programs that are disguised as useful software, such as download managers, registry cleaners, and so on. Sometimes, it comes packaged with video games. It may even come packaged in a software bundle with real, useful programs. Though both Apple and Google do their best to prevent spyware hitting their operating systems, packages with spyware included have made it through to the Google Play Store - so you can't be too careful.
Spyware might be propagated through phishing - sending emails with links that, when clicked on, download the spy program. You might also be infected by spyware via a spoofed website - one that purports to belong to a reputable organization but is actually a fake and whose links will start downloading spyware or installing it on your browser.
Can you avoid getting spyware? A few basic tips will reduce the likelihood that you'll end up with spyware on your computer or smartphone:
- Keep your operating system and software updated. Regular security patches help fix those weak points that hackers can use to get in.
- Put a screen lock on your smartphone and use strong passwords on your computers to stop unauthorized access.
- Restrict administrator privileges on your computer or phone. If you run your PC as an administrator or with root access, you're making the job of installing spyware much easier.
- Rooting an Android phone or jailbreaking an iPhone opens you up to spyware. Unless you really need the functionality, don't do it.
- Don't use unsecured Wi-Fi, or if you do, use a Virtual Private Network to protect yourself.
- Look carefully at the permissions you grant apps when you install them, particularly if they ask for permission to access the microphone, camera, phone, or personal data. If the app wants more information than seems reasonable - for instance, a Sudoku game wanting access to your camera - that may be a sign of a spyware payload.
- Don't click on links in emails unless you're sure you know where they go. Don't download files from suspicious file sharing networks - they're likely to be compromised.
- Maintain adequate anti-virus and anti-malware protection on your devices.
How to detect spyware
Even if you can't find the spyware program, you may be able to detect signs of it. For instance, if a computer starts to run more and more slowly, that could be a sign that it has been compromised. Look out for the following clues:
- Increasing sluggishness and slow response.
- Unexpected advertising messages or pop-ups (spyware is often packaged with adware).
- New toolbars, search engines and internet home pages that you don't remember installing.
- Batteries becoming depleted more quickly than usual.
- Difficulty logging into secure sites. (If your first login attempt fails and your second succeeds, that may mean the first attempt was on a spoofed browser and the password was communicated to a third party, not to your bank.)
- Inexplicable increases in your data usage or bandwidth use. These can be a sign that the spyware is searching your information and uploading data to a third party.
- Anti-virus and other safety software not working.
- How can you detect spyware on an Android phone? If you look in Settings, you'll see a setting which allows apps to be downloaded and installed that aren't in the Google Play Store. If this has been enabled, it's a sign that potential spyware may have been installed by accident.
- How can you detect spyware on an iPhone? Look for an app called Cydia, which enables users to install software on a jailbroken phone. If it's there and you didn't install it, remove it immediately.
Spyware removal
If any of these telltale signs occur, you should use a spyware detection and removal program to scan for spyware (some anti-virus software also has a malware detection capability). You'll then want to remove it.
On Windows computers, looking at Task Manager will sometimes enable you to identify malicious programs. But sometimes, they're disguised as Windows system files. On Apple systems, the Activity Monitor lets you check the status of programs that are running.
Because spyware is so good at hiding itself, removing it isn't as easy as just uninstalling the app; some spyware even has a kind of resurrection functionality written into it. This basically means that if your device is connected to the internet while you're trying to remove it, it will download itself all over again. Despite the fact that spyware can be tough to remove, there are several different methods of removal:
- A lot of spyware requires phones to be rooted or jailbroken in order for it to function. Unrooting or unjailbreaking your phone could incapacitate the spyware. For iPhones, performing an iOS update will return your phone to an unjailbroken status.
- Spyware removal on Android phones is best done in safe mode (holding the “power on” button for a few seconds should bring up a menu that allows you to access safe mode) or airplane mode, to stop the spyware running and cut your device off from networks that might try to reinstall the spyware.
- If worst comes to worst, spyware can be eradicated by performing a factory reset on an iPhone or Android phone. This removes all data and downloaded programs from the device and leaves it in its original 'factory' state. You should back up your personal data before performing the reset, using Google or iTunes/iCloud, so you'll be able to restore all your data to your freshly cleaned phone.
- Use robust malware and spyware removal software to clean your computer or phone. But be careful: some programs advertising themselves as spyware removal software are actually spyware themselves. Make sure your software comes from a reputable source like Kaspersky.
- Some remnants of the spyware might survive when you reinstall your personal data, so it's best to perform a second scan to ensure the device is completely clean.
After you've removed spyware, clean your internet cache to eradicate any remaining traces of the spyware. Check your financial accounts for any unrecognized transactions and change your passwords for all your accounts including your email (use strong passwords, and don't use the same password for more than one account).
To make sure you're protected going forward, we recommend Kaspersky's Total Security 2020 which will protect you with anti-virus, anti-malware, password management and VPN capability. That way, you're totally secure from anyone hacking in to spy on you in future.