SpyGuard vs. Stalkerware: Detecting Digital Abuse Safely and Effectively

What is Stalkerware?

Stalkerware is commercially accessible software that allows abusers to spy on a victim’s device without their knowledge or consent. Stalkerware, like any other sort of spyware, is very intrusive when used against a victim of domestic violence. It is compatible with both mobile operating systems, such as iOS and Android. Some of the functions allow the abuser to see everything their victim is doing, from tracking their victims’ locations and enabling abusers to read their encrypted text messages, monitor phone calls, see photos, videos, access their web history, and much more.

How can I detect Stalkerware on my device? 

While Stalkerware can be challenging to detect, most of it follows common signs that can alert the victim to its presence. Common signs of Stalkerware can include rapid battery draining from regular phone activity, increased phone data usage, and different apps on the device crashing often. However, there are tools out there to detect the presence of Stalkerware. One of these tools, SpyGuard, is a great program to detect and scan for signs of Stalkerware present on a device without removing the stalkerware, which notifies the abuser. This report can be brought as evidence if the victim wants to bring charges against the abuser.

What is SpyGuard?

SpyGuard is an improved and modified version of TinyCheck, created by the same developer during their time at Kaspersky. Its primary goal is to identify signs of compromise by monitoring the network traffic generated by a device. SpyGuard scans the device for signs of Stalkerware using a generated wifi network to detect the device’s network traffic for Indicators of Compromise(aka IoC) without letting the abuser know. An Indicator of Compromise is an event or piece of data that indicates a system or a network may have been compromised. SpyGuard can be applied to various devices, including smartphones, laptops, IoT devices, and workstations.

TinyCheck vs. SpyGuard 

TinyCheck was created by the security company Kaspersky as a free and open-source tool to combat Stalkerware. It is installed on a separate device, such as a Raspberry Pi, and scans a device’s outgoing Wi-Fi traffic to detect different signs of Stalkerware. TinyCheck is not restricted to any device and works with scanning a variety of operating systems, such as Android and Windows. In addition, scanning a device does not alert the abuser of that scan. However, TinyCheck is deprecated and no longer receiving updates.

SpyGuard was created by the same author of TinyCheck to detect signs of compromise. Spyguard, similar to TinyCheck, can be installed on a separate device and works on its own wifi network to scan the victim’s device for Indicators of Compromise. To find Indicators of Compromise, SpyGuard uses its own engine with specific detection rules. These detection rules include communication over HTTP/HTTPS using a nonstandard port, communication to a TOR node, a domain name less than one year old, and communication to a network range known for malicious activities.

Why is SpyGuard recommended over TinyCheck? 

SpyGuard is recommended over TinyCheck because SpyGuard has enhanced capabilities in monitoring network traffic and detecting signs of compromise. It’s more up-to-date on current Stalkerware indicators of Compromise than TinyCheck. Although both do a great job detecting stalkerware, TinyCheck is outdated and no longer officially maintained by Kaspersky. SpyGuard utilizes up-to-date Indicators of Compromise and anomaly detection, making it more effective in identifying threats across a broader range of devices. This comprehensive approach allows for better protection and more accurate threat detection than TinyCheck.  

Should I remove Stalkerware from my device?  

Removing stalkerware or other monitoring detection could be detected by the abuser and could increase the abuse and harassment. It is recommended that a safety plan be created when removing stalkerware. A safety plan is a tailored strategy designed to ensure an individual’s safety. Each plan is customized to address the unique circumstances of that person. Only attempt to remove stalkerware if you believe it is safe to do so.

Getting Started Resources: 

• SpyGuard Github: https://github.com/SpyGuard
• Raspberry Pi: https://www.raspberrypi.com 

Information for Survivors: 

• Coalition Against Stalkerware: https://stopstalkerware.org/information-for-survivors
• Federal Trade Commission: https://consumer.ftc.gov/articles/stalkerware-what-know

• Operation Safe Escape: https://safeescape.org/stalkerware-threatens-womens-privacy
• Electronic Frontier Foundation: https://www.eff.org/tags/stalkerware
• Darknet Diaries: https://darknetdiaries.com/stalkerware/
• TechCrunch:  https://techcrunch.com/tag/stalkerware/