|
|
Spyware may seem like something out of a Hollywood movie, but commercial versions of such programs (known to cybersecurity experts as Stalkerware ) are an everyday reality for many people. For just a few dollars, anyone can get a ready-made software product that allows them to spy on partners – current or former – or even strangers. All it takes is installing a special app on the victim’s smartphone or tablet; the spy then has access to a whole range of personal data about the user under surveillance – from location to SMS and social media messages – and also receives data from the device’s camera and microphone in real time.
After examining the capabilities of commercial spyware applications, it becomes clear that there are very few differences between commercial surveillance programs (which are detected by most security solutions with a “not-a-virus” verdict) and classic spyware . For example, a consumer surveillance program works as follows:
The command and control server (C&C) is provided by the service owners;
It is easier to buy and deploy than classic spyware. There is no need to visit dubious hacker forums or have programming skills; in almost all cases, manual installation is sufficient.
Commercial spyware has been the subject of public discussion and criticism several times , but its status in most countries remains uncertain. Some manufacturers position their programs as parental control tools. However, despite Cell Phone Number Database some overlap in functionality, these programs should not be confused with similar applications and programs designed to help users find a lost phone. Firstly, commercial spyware is distributed through its own websites, which is a violation of Google's security recommendations. Secondly, the capabilities of these programs allow them to violate the user's privacy without the user's knowledge - the application icon can be hidden in the application menu while the program is running in the background, while some of the application's functions perform surveillance (for example, recording the victim's voice). Some programs even remove traces of their presence on the phone, as well as remove installed security solutions after the attacker grants root rights to the application.
Kaspersky Lab products detect such programs with the verdict “not-a-virus:Monitor.*”. We monitor them closely; two years ago, we published the first review of commercial spyware and continued to monitor the evolution of the threat. Now we decided to continue our research: to look at how spyware is used and to identify the most significant features of the latest commercial surveillance programs.
We analyzed applications for mobile platforms; we are especially interested in applications for Android, because it is under this OS that spy applications are most often installed. In order to perform any significant spying actions on iOS devices, they must first be jailbroken.
In 2018, we found 58,487 unique users with spyware installed on their phones or tablets. That’s a modest number compared to other threats. For example, 187,321 users encountered ransomware during the same period. However, it’s worth noting that when it comes to malware, our data only shows how many people were able to protect themselves from infection. The situation is different with commercial spyware.
Of the 58,487 users on whose devices we found stalkerware, about 35,000 had these applications installed before they installed a Kaspersky Lab product and ran the first system scan. This may indicate that users were not aware of the presence of spyware on their devices.
Overall, we detected 26,619 unique samples of commercial spyware in 2018. Below are statistics on the applications most frequently detected on Android devices of Kaspersky Lab mobile product users.
|
|
發表於 2024-12-22 14:20:59