The use of spyware and stalkerware has surged during the lockdown, claims Avast. It says usage of these privacy busting apps for the period March to June is up 51% on the period January – February. In Germany, Japan and the UK, usage in April alone was more than double the usage in January.
Avast blames the increase in spyware and stalkerware apps on domestic abuse and COVID-19 apps. Erica Olsen, Safety Net project director for the National Network to end Domestic Violence (NNEDV) in the US as saying: “Stalkerware, which is designed to operate in stealth mode with no persistent notification to the user of the device, gives abusers and stalkers a robust and invasive tool to perpetrate harassment, monitoring, stalking, and abuse.
“This can be terrifying and traumatizing for the person. It also raises significant safety risks when the products allow the abusive person to track and locate the victim without their consent or knowledge. During this public health crisis, there have been several reports documenting the increased detection of stalkerware, which could be indicative of increased access to personal devices during lockdown or stay-at-home orders. It could also be reflective of an abuser increasing or changing their tactic if the victim is now actually out of the house more often, if they are an essential worker in healthcare, for example.”
It is not just abusers that are increasing their control and data theft. Spyware is used to steal data such as bank and work access credentials. It is then used to steal data and more from victims. Avast says that it has seen a number of COVID-19 apps designed to spy on users by collecting far more data than necessary.
What can users do to protect themselves?
Avast suggests three things that users can do to protect themselves against spyware and stalkerware.
- Secure your phone against all unauthorised physical access: Use the built-in device security to add a PIN or biometric lock. Pew Research, says over a quarter of mobile users have no lock-screen protection on their devices. It makes it easy for someone to install software on the device.
- Install a good, mainstream antivirus product on your mobile phone: Mobile antivirus will treat stalkerware as a PUP – a potentially unwanted programme. Once detected, it will allow the user to uninstall it and any other malware. Avast worked with Google to remove eight of the biggest stalking apps from the Play Store last year.
- Look for hotlines and victims’ services providers: However, if you don’t feel safe, trust your instincts. If you need to source help and support fast – you should not hesitate to seek it. Organizations such as Operation Safe Escape can help.
Users should also take care when installing a COVID-19 app. Cybercriminals have written their own pseudo-COVID-19 tracking apps to steal data. It means that just looking at the privacy policy to see what data an app will use is not good enough. Only install a COVID-19 app when it comes from an official source and always check that it is not a fake app.
Employers can help employees by providing free licences to protect their personal devices. Many are increasingly using their devices for work purposes, and the installation of endpoint protection software is in the employer’s interest. By providing licences to employees, it will help keep business data safe.
Enterprise Times: What does this mean?
The reported rise of spyware and stalkerware comes as no surprise. It is not just domestic abusers who are using these apps. Parents have been encouraged to use them under the guise of keeping their children safe from online-harms. Employers have also deployed spyware and workplace surveillance apps to see if work from home employees are doing their job.
Avast is recommending users increase the security of their device and install security software. However, it is never as easy as that. As the spyware activities of some COVID-19 apps show, even with security software, apps can still take data from phones. However, proper security software will be updated continuously and detect malicious apps, allowing the user to delete them.