Stalkerware infections increased by half in 2019, Kaspersky reports

A mobile malware evolution report for 2019 published by cybersecurity company Kaspersky shows a worrying increase in stalkerware app usage.

 

Image: Kaspersky

According to Kaspersky’s yearly mobile malware evolution report, stalkerware infections increased from 40,386 in 2018 to 67,500 in 2019. While data from previous years is not available as Kaspersky only started detecting stalkerware in 2018, the almost doubled number of cases is rather worrying.

For those unfamiliar with the term, stalkerware is essentially software installed on a mobile device to track its location, read messages, access files, etc. While there are legitimate reasons for using these apps, many people use them to track and spy on their spouses, girlfriends, boyfriends, children, employees, etc., without permission. Some apps are simply trackers, while others are full-fledged stalkerware.

The apps are easy to install and are hidden, allowing the spying to go on for a long time. Depending on their type, they may also allow one to harvest almost all data on the victim’s phone, including files, phone call logs, texts, location, screen taps, etc. Even more worryingly, Kaspersky notes that the perpetrator who installs the tracker app may not be the only one with access to the infected device’s data.

“If such an app gets onto a device, messages and data about the user’s location become accessible to third parties. These third parties are not necessarily only those tracking the user: the client-server interaction of some services ignores even the minimum security requirements, allowing anyone to gain access to the accumulated data,” Kaspersky said.

Stalkerware apps are no longer available on Google Play Store

Because of their highly questionable usage, stalkerware apps are no longer allowed on Google Play Store. The official Android app store removed the majority of these apps in 2018 after changing their policy on malicious behaviour. This, however, has not stopped people from using them. Stalkerware apps are easily downloadable from developers’ sites and third-party app stores.

The good news is that mobile security vendors have also started detecting stalkerware apps as threats, effectively warning people that someone in their circle is actively spying on them.

Spying app KidsGuard leaked highly personal data from victims’ phones

Technology news website TechCrunch recently reported that stalkerware app KidsGuard, developed by ClevGuard, was keeping data essentially stolen from victims’ phones on an unsecured Alibaba cloud storage bucket. While advertised as a tool to monitor children and keep them from harm, KidsGuard is also actively promoting spying on spouses/significant others without their knowledge and consent. According to the report, the bucket containing the data from infected phones was public and not protected with a password, meaning anyone could have accessed it. The data exposed also included that of children, as parents often use spying apps to monitor their kids.

The app can be installed pretty easily if physical access to the victim phone is available. To prevent victims from noticing and deleting the spyware, the app is disguised as a system update app once installed and is not visible unless users know what they’re looking for. The app allows the perpetrator to monitor the victim’s messages, including messaging apps such as Facebook Messenger, and see/track the location.

TechCrunch also provided a helpful guide to help potential victims identify if KidsGuard is installed and delete it.