As Director of Protection Labs & QA, Alexander Vukcevic is responsible for the development of new technologies for the detection and analysis of new, still-unknown malicious software. Together with his team of international experts, he develops new strategies to protect computer systems and mobile devices from all types of attacks and to clean infected systems in real time.
Spyware is software that secretly monitors and collects information about your online activity, the data on your device and a wide range of personal information. This information is then extracted from your device and sent to external servers for use in a variety of financial, monitoring and advertising schemes. Beyond its various tracking capabilities, spyware is primarily defined by being installed and operated without your knowledge or permission. There are variants of spyware for all major operating systems.
Basic spyware functions
A wide variety of spying capabilities fall under the umbrella of spyware. Some of the most common are the monitoring of keystrokes, voice, location and messages. Spyware is also used to record account login information, such as passwords, which can then be used to steal a person's identity. Here is an incomplete list of the primary monitoring capabilities:
Placement of browser cookies
Lists of contacts
Documents on the device and file contents
Device / display monitoring
E-mail and chat monitoring
Keystroke logging
Social networking activity
Website passwords and account user names
Commercial spyware programs are generally created to collect a wide range of relevant information about user behavior, regardless of the type of confidential personal information that may be collected. These programs or data are usually sold to third parties, who can then build profiles of users that service providers use to place specially designed ads, or simply launch attacks directed at users' devices.
The most famous examples of spyware
Some of the most famous cases of spyware have come from governments and corporations, not hackers. Sony BMG Entertainment's XCP digital rights management software used a variety of spyware-like tactics and rootkits.
In the German-speaking regions of Europe, the term "Bundestrojaner" or "State trojan" is used to describe the spyware used by security forces. While this type of software is to be used only after a court order, the discovery of R2D2 and other variants has led to efforts by antivirus developers such as the German company Avira to include it in their list of malware detections.
More recently, the discovery of a zero-day vulnerability in WhatsApp and its use by the Pegasus spyware of the Israeli NSO Group led the Facebook-owned messaging application to send a patch to its millions of users.
Signs of spyware infection
The common signs of a spyware infection are a device that responds more slowly than usual during normal activities, such as typing or surfing the web, uses an abnormal amount of bandwidth and connects to servers that are not related to your usual browsing activities. In addition, for connected adware schemes, the device's browser may display an unusual amount of targeted ads. However, in more advanced cases such as Pegasus spyware, there are often no visible signs that the target device has been infected.
How did I get that spyware?
Spyware is spread through targeted and channeled attacks. In state-run intelligence operations, spyware is usually directed at a specific target. Sometimes just answering a call on your smartphone can be enough to get a spyware infection. That is the case with the Pegasus spyware of the Israeli NSO Group and its installation on smartphones. The R2D2 "Bundestrojaner" was allegedly placed on the device while going through a personalized airport check.
However, these are extreme and unusual cases. Consumer-grade spyware is usually distributed by cybercriminals through defined channels, where spyware features are bundled with other functions in a seemingly innocent downloaded application. Both targeted and channeled attacks can exploit a zero-day software vulnerability, and specific installation tactics will vary by device and operating system.
However, the main point of vulnerability for spyware is you: the person who uses the device and installs applications on it. As part of the installation of a new application or program, the user grants the permissions needed to place the spyware functionality in the system. Even on Android devices, where a user gets information about the requested permissions, in most cases this information is not read carefully or is simply ignored completely.
Antivirus applications take a mixed approach to spyware detection. For known malware combinations, the security application can directly stop the download or installation on the device. When spyware features are included in a packaged application, especially without any direct malicious activity, the security application may warn the user that they are downloading a "Potentially Unwanted Application" or, depending on the severity of the spy functionality, classify the application directly as malware.
How can I keep spyware out of my device?
The tactics to keep spyware at bay vary depending on the device and the operating system. However, a quality antivirus / security system and an installed software updater are prerequisites.
For Windows PCs, a good defense starts with not running the device in Admin mode and having a separate user account for daily operations. This slows down the installation process if you accidentally download some malicious spyware code. Secondly, a software updater must be used to keep the different applications and programs on the device updated.
While Windows will usually fix its own vulnerabilities, this is not the case for many other programs, and a good updater will automatically search for and install updates. The third security tactic is to be more careful when installing new programs from download sites. These may include additional applications called "Potentially Unwanted Applications" that may not be directly harmful but have spyware functionalities. Click carefully through those terms and conditions.
Android phones are better protected by checking app reviews and downloading apps only from the official application markets. This will reduce the chances of downloading an application with spyware features. Also, read the fine print on what permissions are requested or what information an application may collect about you during its operation.
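The permission check described above can be made systematic. The following is an added example, not code from the author or from Avira: it maps an app's requested Android permissions to the monitoring capabilities listed earlier and flags capabilities the app's stated purpose does not explain. The sample input is constructed in the style of `aapt dump permissions` output, and the package name and the `review` helper are hypothetical.

```python
import re

# Real Android permission names mapped to monitoring capabilities from the
# article's list. The mapping itself is an assumption made for this example.
CAPABILITY = {
    "android.permission.READ_CONTACTS": "contact lists",
    "android.permission.RECORD_AUDIO": "voice",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.READ_SMS": "messages",
    "android.permission.RECEIVE_SMS": "messages",
    "android.permission.READ_EXTERNAL_STORAGE": "documents and files",
}
INTERNET = "android.permission.INTERNET"  # needed to send data to external servers

# Constructed sample: a hypothetical flashlight app's permission dump.
SAMPLE = """\
package: com.example.flashlight
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
"""

def review(dump, expected=()):
    """Return (package, unexplained capabilities, can_send_data_out).

    `expected` lists capabilities the app's purpose justifies, for example
    ("location",) for a navigation app; those are not reported.
    """
    pkg = re.search(r"^package:\s*(\S+)", dump, re.M)
    perms = set(re.findall(
        r"^uses-permission(?:-sdk-\d+)?: name='([^']+)'", dump, re.M))
    caps = {CAPABILITY[p] for p in perms if p in CAPABILITY}
    unexplained = sorted(caps - set(expected))
    return (pkg.group(1) if pkg else None, unexplained, INTERNET in perms)

def needs_second_look(dump, expected=()):
    """True when unexplained monitoring access is combined with network access."""
    _, unexplained, online = review(dump, expected)
    return bool(unexplained) and online

if __name__ == "__main__":
    name, caps, online = review(SAMPLE)
    print(f"{name}: unexplained access to {', '.join(caps)}; network: {online}")
```

A flag from this check is a reason to read the app's description and reviews more closely, not proof of spyware; many legitimate apps request these permissions.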
Alexander Vukcevic is the director of Protection Labs & QA at Avira.