Spyware and stalkerware: How to check and protect your business devices

A woman in a pink top sits at a computer

In 2020, media outlet Al Jazeera discovered that 36 of their employees were targeted by a sophisticated spyware attack. The attack involved spyware infections on mobile phones, laptops and other devices that were used to monitor the online activity of Al Jazeera employees and use their personal information against them.

The spyware enabled the attackers to eavesdrop on vast amounts of data, including keystrokes, screenshots – even the GPS location of the individual users.

While the idea of an anonymous cybercriminal spying on your phone or laptop is unsettling, spyware can be used by anybody through a simple purchase and download.

Read: How to stay cyber-safe between offsite and onsite workplaces

In its best cases, legitimate versions of stalkerware apps can be used for ethical purposes such as parental control (using Google Maps services to access the location of your children or a consenting partner). At its worst, spyware can be used maliciously by a cybercriminal, or even a controlling person to discreetly monitor all activities performed on your device.

So, how are spyware and stalkerware used?

There are 2 types of spyware and stalkerware: legitimate and illegitimate.

Legitimate spyware

A legitimate spyware application might include Google Maps location sharing, Snapchat, or even basic workplace monitoring tools that are used to track activity on business devices. Despite being legitimate applications, these can be used for malicious purposes if the user forgets to turn off tracking or is otherwise unaware of their presence.

Illegitimate spyware

An illegitimate spyware application refers to a piece of malware (malicious or harmful software) that is specifically designed to spy on a victim’s activities without consent. These are typically acquired through online purchases and corrupt means of installation without the victim’s knowledge.

Both legitimate and illegitimate spyware can be used against an individual or an entire organisation to gather personal data.

Global antivirus leaders Avast reported a 51% increase in spyware and stalkerware usage since the initial COVID-19 lockdowns in 2020, and today they are more prevalent than ever.

How does a spyware attack happen?

Spyware is a form of malware (a computer virus) and it can infect a device in a number of ways such as email or SMS scams (phishing) and corrupted downloads.

The most concerning trend of spyware infection is the ‘Zero-Click’ variant where the target of the attack doesn’t even need to click a link to become infected.

This type of attack is known as The Pegasus attack and is used specifically against Apple’s iOS software to automatically install a pervasive spyware infection.

This level of infection can be difficult to fix and exposes the entire organisation to an attacker, enabling them to monitor large amounts of personal and business information.

What does spyware mean for my business?

A common use of spyware in a business setting is when a cybercriminal or potential business competitor purchases and deploys spyware against employee devices. This allows them to steal sensitive information.

Anyone can purchase spyware, effectively as a virus-for-hire, to deploy against an organisation. While we strongly discourage the use of spyware, it’s important to demonstrate just how easily spyware can be purchased and deployed.

A simple Google search of the phrase ‘Spy on phone’ or ‘How can I view my partner’s phone activity’ will display a range of readily available spyware and stalkerware services available at the click of a button.

As such, it is crucial for all business owners to understand the common ways your devices can be infected by spyware, and how you can prevent and remove a spyware infection in your organisation.

How to detect spyware on your device

Tips for smartphone users

Keep an eye on unusual phone activity on your device. For example, the symptoms of a spyware infection on a mobile phone may include:

  • overheating
  • slowness
  • unexpected shutdowns
  • shorter battery life

Tips for Apple users

Apple devices are famously designed to be incorruptible by viruses. As such, conventional spyware applications need to use Apple’s App permissions to function.

For all Mac devices, it’s important to routinely review the privacy settings to determine what apps have access to things such as camera access, location and other features.

Tips for Windows users

The average Windows user has encountered a virus at some point in their life. The best practice is to use a trusted anti-virus scanning tool, such as Kaspersky or Avast. It’s important to note that some legitimate spyware tools, such as parental control applications being used maliciously, might not be detected in a scan. If you are uncertain, consult with an IT professional for a full review of your Windows machine.

How to remove spyware from your device

Make sure to routinely check what apps are installed on your Android or iPhone device. If you suspect that your iPhone is infected, a factory reset is the safest bet for removing the malicious spyware. On Android, use a trusted anti-virus scanning and removal tool.

Tips to prevent spyware on your device

Keep your devices up to date

While the majority of spyware is performed via phishing attacks, they often need to exploit outdated software to function. In the case of the Pegasus attacks, attackers used out-of-date iPhone software to infect their victims. Update your phones, computers, and tablets regularly to reduce your risk as much as possible.

Promote phishing awareness

The majority of spyware is delivered by fraudulent email or SMS messages. It only takes one mistakenly clicked link to download a Spyware infection.

Ensure that you and your colleagues are routinely trained on how to spot a phishing scam.

Create an access control policy

Many of us are still working remotely since the start of the pandemic. As such, housemates and family members can often mistakenly (or intentionally) install spyware or stalkerware on devices intended for work. Ensure that all work devices use a unique password that only necessary workers can use. Learn more about how can your business identify and avoid Remote Access Scams.

Low effort now for high protection later

In response to increasing cybercrime, business owners are becoming more involved in their organisational cybersecurity than ever before. As we move into the end of the year, put time aside to discuss spyware with your colleagues and schedule some routine checks and updates.

These small acts will go a long way to keep your organisation safe and free of spyware, protecting your business, your customers and your reputation.

Visit the Business Victoria website to learn more about cybersecurity.