Security Firms, Nonprofits Team to Fight Stalkerware

The Coalition Against Stalkerware launched this week, with the aim of offering a centralized location for helping victims of stalkerware, as well as defining what stalkerware is in the first place.

The scourge of so-called “stalkerware” has accelerated as mobile cyberattacks in general have become more common, and it’s something that’s being addressed through a security industry collaboration that launched this week.

The term “stalkerware” refers to both surreptitious spyware available on the Dark Web as well as more legitimate applications offered for sale through normal channels. The two have one thing in common: They allow someone to track users’ whereabouts and activities – without the knowledge of the user. Nefarious use can lead to harassment, surveillance without consent, stalking and even domestic violence.

While some of these applications are offered for legitimate purposes – i.e., keeping track of your kids, or tracking employees for telemetry information – the concern is that they can be abused.

That concern was behind the FTC’s recent ban of three apps from Retina-X Studios, which the agency said were “uniquely suited to illegal and dangerous uses. Under these circumstances, we will seek to hold app developers accountable for designing and marketing a dangerous product.”

In a similar vein, just this week the Ghosty app was removed from the Google Play and Apple’s App Store. In return for sharing one’s Instagram credentials, the app will let you see the private profiles of its other users. Some called the app a “stalker paradise.

Its official description was, “You can view all the profiles you want to view including hidden profiles on Instagram. You can download or share photos or videos from your Instagram profiles to your gallery. In addition, you will soon be able to access many new features related to your Instagram account.”

Kaspersky analysis recently found that there were more than 518,223 cases of stalkerware infections detected by its products in the first eight months of 2019 – a 373 percent increase year-over-year. The threat landscape for stalkerware has also widened, as Kaspersky has detected 380 variants of stalkerware in the wild in 2019 – 31 percent more than a year ago.

And according to Malwarebytes analysis, these consumer surveillance programs can be had for as little as $7 per month. They stay hidden while keeping their operators informed about the device activity, such as its owner’s location, browser history, text messages, social media chats and more. Some of them can even make video and voice recordings.

“Through industry collaboration, not only do we have the power to inform consumer of this technology, but we also have the power to start making it a standard to start tracking, detecting and blocking this malware from protected devices,” Vyacheslav Zakorzhevsky, head of anti-malware team, told Threatpost.

To address this rising tide, the Coalition Against Stalkerware launched this week, with Avira, Electronic Frontier Foundation, European Network for the Work with Perpetrators of Domestic Violence, G DATA Cyber Defense, Kaspersky, Malwarebytes, National Network to End Domestic Violence, NortonLifeLock, Operation Safe Escape and WEISSER RING all signing on.

Its purpose is to create a centralized location for helping victims of stalkerware, as well as to define what stalkerware is in the first place. Creating an agreed-upon standard definition for stalkerware along with detection criteria will help IT security professionals to communicate around the issue, the group said.

That definition is: “Stalkerware programs carry the possibility for intrusion into a person’s private life and are being used as a tool for abuse in cases of domestic violence and stalking. By installing these apps, abusers can get access to their victim’s messages, photos, social media, geolocation, audio or camera recordings (in some cases, this can be done in real-time). Such programs run hidden in the background, without a victim’s knowledge or consent.”

“This topic is so important because until now, there was no agreed upon protocol or detection for stalkerware,” Zakorzhevsky told Threatpost. “This is not only important on a human level, being that it is unsafe, unethical and abusive to track someone’s phone activity without their knowledge, but also on a security level as the malware can actually leak users data leaving both the abuser and the victim at risk of a cybersecurity issue.”

The Coalition has also launched an online portal,, with the goal of providing a helpful online resource for victims of stalkerware. Users will find information on what stalkerware is, what it can do, and, most importantly how to protect themselves.

“Stalkerware, used for spying on phones and computers in domestic abuse or harassment situations, is a very serious problem, and it often goes hand-in-hand with other forms of abuse, up to and including physical violence,” Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, said while announcing the initiative. “The ubiquity of stalkerware is a complex problem and we need stakeholders from all parts of society in order to fight it effectively.”

Anna McKenzie, communications manager at the European Network for the Work with Perpetrators of Domestic Violence (WWP EN), added: “Studies have shown that 70 percent of women victims of cyberstalking also experienced at least one form of physical or/and sexualised violence from an intimate partner. We need to stop perpetrators from using their partners’ phones for stalking and hold them accountable for their violence. The Coalition Against Stalkerware enables us to bring our knowledge on gender-based violence and perpetrators to IT security companies – so we can work together towards ending violence against women and girls perpetrated via new technologies.”

Is MFA enough to protect modern enterprises in the peak era of data breaches? How can you truly secure consumer accounts? Prevent account takeover? Find out: Catch our free, on-demand Threatpost webinar, “Trends in Fortune 1000 Breach Exposure” to hear advice from breach expert Chip Witt of SpyCloud. Click here to register.

Suggested articles