Below is some important information regarding Stalkerware. If you need immediate help, please see our list of Resources.
How To Recognize Stalkerware
Understanding whether you may be a victim of Stalkerware begins with knowing exactly what it is. Our “What is Stalkerware?” article gives in-depth details about what this unethical software does. To highlight some of the key points, Stalkerware can result in the theft of data, the monitoring of emails and of SMS and MMS messages sent and received, and even the interception of your phone calls for the purposes of eavesdropping.
Stalkerware services imply that their customers personally know victims, because these commercial spyware apps are manually installed. Users have to download the app, install it and enter credentials that are received after purchasing.
In most cases, stalkerware programs cannot be found or listed in the App Store or Google Play, due to their aggressive nature. However, these programs do sometimes appear in official app stores. When that happens, the stores receive complaints from cybersecurity researchers and remove them.
Stalkerware can be easily found with a quick internet search and downloaded from dedicated landing pages. These programs urge users to enable the installation of applications hosted outside of the official app store, which can often put devices at risk of infection by malware.
Stalkerware can be installed on Android and iOS devices. There are also desktop versions of commercial spyware, which are not particularly popular. It is important to mention that installing stalkerware on iOS devices is a much longer process, and iOS stalkerware can also have far fewer features compared to Android. Furthermore, for attackers to perform extended exfiltration activities on an iOS device, the device needs to be jailbroken, or the stalkerware can be installed through Mobile Device Manager.
Indicators of Stalkerware
- Mobile phone, device or laptop goes missing and reappears. (This may not raise suspicion at first, but it can be a way for someone close to you or unknown to you to install Stalkerware.) Check your device for different settings or changes you do not recognize.
- Lending your device for an extended period of time to someone and noticing changes in settings or unknown apps you do not recognize. (This is similar to the warning sign above, but in this particular case it is very likely to have been done by someone you know.) Check the legitimacy of unknown apps or processes via an online search.
- ‘Unknown sources’ setting ‘Enabled’ on an Android device. (The default for the ‘Unknown Sources’ setting on Android is ‘Disabled’. If you have never enabled this option, check to see if it is ‘Enabled’; this can be a sign of tampering. Go to ‘Settings > Security > Allow Unknown Sources’ in order to check. This may be different per device and vendor.)
- Unexpected battery drain (Android and iOS devices)
- Strange behavior from the device operating system or applications (Android and iOS devices)
- Unfamiliar app or process is on your device. (Generally, Stalkerware will use generic names or misspelled names that closely resemble a legitimate application in order to avoid detection. If you notice any app or process that you are not familiar with, do not open it. Search online to check whether it’s legitimate and then delete it.)
- Presence of an app called Cydia (iOS devices). This is an issue for jailbroken iOS devices and allows the culprit to install software packages.
- Active sessions on devices you did not authorize. If you use Google services, you can check on active sessions: go to your Google account page, click ‘Device activity & notifications’ and see all devices that recently accessed your account. Facebook’s ‘Security and login’ settings show you this information as well. If you see active sessions on devices you did not authorize, log out of them immediately.
- Using easy passwords that someone close to you can guess. (If someone you know can take a good guess at what words you may use for passwords, or if you use names of people, pets or birthdates that they can guess, it is likely they could also guess your security questions and gain access to online accounts.)
- Webcam permissions are on for applications you did not give permission to. (In Windows, it’s fairly easy to check what applications use the webcam: go to Privacy Settings > Camera to see what applications have access, and turn off any you do not need.)
If any of the above indicators resonate with you, you may have Stalkerware on your device.
Below are some steps to take if you believe you have Stalkerware on your device. It can be hard to spot and remove, but it is not impossible.
- Important to Note. If you delete stalkerware, whoever installed it would know that it’s been disabled. So it’s important to understand that before taking any action, and to have a safety plan ready. One of the points of this plan may be: contact organizations working with victims of domestic violence.
- Consider getting a burner phone and going to law enforcement before taking any action
- Change all your passwords and security reset questions for all online accounts
- Protect your device physically to prevent any future tampering. Make sure mobile devices are locked via PIN code, biometrics or patterns.
- Enable two-factor authentication
- Make sure the OS is up-to-date on your device.
- Run a malware scan. It may be able to detect Stalkerware, but it is not proven to be effective in every case.
- Consider creating a new email address known only to you and link your main accounts to it
- Turn off permissions for any application that does not need access to your webcam. In Windows 10, click Privacy Settings > Camera to see which apps can use the webcam, and turn them off.
- Factory Reset your device. Most Stalkerware can be removed this way, but some have been claimed to survive even past a factory reset. Back up your photos and important files, then perform the full factory reset. For Android, go to Settings > Backup & Reset > Factory Data Reset. For iOS, you will need to plug your phone into a computer running iTunes, then reset it from there using Restore iPhone.
After completing the steps for removing Stalkerware, continue to monitor your devices and check for any of the indicators of Stalkerware. If you are still noticing suspicious activity on your device even after a factory reset, it may be cause for a more extreme measure:
- If all else fails, consider getting a new device. It may be best to get a new device if all other attempts of removal do not work.
Whether the Stalkerware was able to be removed via one of the measures above or it came down to having to get a new device, moving forward, protect physical access to your device. One of the most common methods of installation is physical access. Continue to stay proactive in preventative measures by using the information and resources here.
How to Minimize Risk
5 pieces of advice on how to minimize your risk of being a victim of stalkerware:
- Protect your gadgets with a very strong password (not a fingerprint)
- Change your passwords on a regular basis and never disclose them to anyone, not even to family members
- Block installation of third-party apps
- Check apps installed on your device at regular intervals and delete those you do not need. Also pay special attention to apps that have suspicious permissions like access to GPS tracking, SMS monitoring, call recording, etc.
- Use reliable security protection
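The periodic app review recommended above, together with the "unfamiliar app" indicator (apps installed from outside the official store, holding sensitive permissions, or using a name that imitates a legitimate one), can be sketched as a small audit script. This is an added example, not part of the original article; the inventory layout, the package names, the reference label list and the treatment of a missing installer as "sideloaded" are assumptions.

```python
from difflib import SequenceMatcher

# Real Android permission names mapped to the capabilities the article lists.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "GPS tracking",
    "android.permission.READ_SMS": "SMS monitoring",
    "android.permission.RECEIVE_SMS": "SMS monitoring",
    "android.permission.RECORD_AUDIO": "audio/call recording",
    "android.permission.READ_CALL_LOG": "call monitoring",
    "android.permission.CAMERA": "camera",
}
OFFICIAL_INSTALLERS = {"com.android.vending"}  # Google Play's installer package
KNOWN_LABELS = ["System Service", "Settings", "Messages"]  # constructed list

# Constructed inventory; the record layout and package names are assumptions.
SAMPLE_INVENTORY = [
    {"package": "com.example.navigation", "label": "Navigation",
     "installer": "com.android.vending",
     "permissions": ["android.permission.ACCESS_FINE_LOCATION"]},
    {"package": "com.example.sysupd", "label": "Sytem Service", "installer": None,
     "permissions": ["android.permission.READ_SMS",
                     "android.permission.ACCESS_FINE_LOCATION",
                     "android.permission.RECORD_AUDIO"]},
    {"package": "com.example.notes", "label": "Notes", "installer": None,
     "permissions": []},
]

def lookalike_of(label, known=KNOWN_LABELS, threshold=0.85):
    """Return the known label this one closely resembles without matching it."""
    for ref in known:
        ratio = SequenceMatcher(None, label.lower(), ref.lower()).ratio()
        if label.lower() != ref.lower() and ratio >= threshold:
            return ref
    return None

def audit(inventory):
    """Return apps worth a manual look, each with the reasons it was flagged."""
    findings = []
    for app in inventory:
        reasons = []
        caps = sorted({SENSITIVE[p] for p in app["permissions"] if p in SENSITIVE})
        sideloaded = app.get("installer") not in OFFICIAL_INSTALLERS
        if sideloaded and len(caps) >= 2:
            reasons.append("sideloaded with: " + ", ".join(caps))
        ref = lookalike_of(app["label"])
        if ref:
            reasons.append(f"name resembles '{ref}'")
        if reasons:
            findings.append((app["package"], reasons))
    return findings

if __name__ == "__main__":
    for package, reasons in audit(SAMPLE_INVENTORY):
        print(package, "->", "; ".join(reasons))
```

A flagged app is a prompt for the manual check described in the indicators list, not proof of Stalkerware.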