What is Spyware?
Spyware is an umbrella term for a broad category of malware that observes and records your use of your computer and sends that information back to the threat actors. It can capture keystrokes, browsing habits, payment card details, usernames, passwords, files that you’ve created or opened, and emails that you’ve sent.
Extracted personal information can also be used for identity theft and other types of fraud.
How is Spyware Installed?
Several types of malware meet the definition of spyware, and they reach you in various ways.
Adware pushes unwanted adverts onto your desktop and in your browser. The threat actors are paid a tiny amount per delivery of an advert or each time a user interacts with an advert by clicking a link or button. The adverts can be downloaders for other forms of malware.
As well as delivering unwanted adverts to you, adware usually monitors your activities and keystrokes.
A surprise entry in the list, perhaps, but cookies are able to extract a tremendous amount of personal information from your computer. The majority of data-gathering cookies feed into the great online marketing machine, but more sinister and malicious cookies are not unheard of.
A trojan is a form of malware that piggybacks its way onto your computer when you download or install a compromised – or purposefully malicious – software application. Once installed, trojans can perform many types of illegal activity, including installing other malware.
Some trojans install keyloggers or other data-stealing programs.
Keyloggers capture every keypress you make. So the threat actors obtain your usernames and passwords for every account you log into. Keyloggers can be used for simple financial gain or for industrial espionage.
Stealware exploits the fact that some online shopping sites reward websites that direct traffic to them. When the stealware detects that you’re going to one of those shopping websites, it modifies the messages sent to the site to make it think the site you are leaving is the threat actor’s site.
That way, the cybercriminals accrue the credits from the online shopping sites.
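From the defender's side, the referral rewriting described above can show up in web-proxy logs as a shopping-site request whose Referer names a site the same client never actually fetched. The following is an added example, not code from the original article; the log layout, the host names and the SHOP_HOSTS list are constructed assumptions, and it presumes the proxy can see full URLs and Referer headers.

```python
from urllib.parse import urlsplit

# Constructed proxy-log records: (client, requested URL, Referer header).
SAMPLE_LOG = [
    ("10.0.0.5", "https://blog.example/review", ""),
    ("10.0.0.5", "https://shop.example/item/42", "https://blog.example/review"),
    ("10.0.0.7", "https://news.example/deals", ""),
    ("10.0.0.7", "https://shop.example/item/42", "https://rewards.invalid/go"),
    ("10.0.0.7", "https://shop.example/cart", "https://shop.example/item/42"),
]

SHOP_HOSTS = {"shop.example"}  # assumption: retailers that pay for referrals


def host(url):
    """Lower-cased host name of a URL, or '' when there is none."""
    return (urlsplit(url).hostname or "").lower()


def find_forged_referrers(records, shop_hosts=SHOP_HOSTS, history=20):
    """Flag shop requests whose Referer names a site the client never fetched."""
    seen = {}    # client -> recently requested hosts, oldest first
    alerts = []
    for client, url, referer in records:
        target, ref = host(url), host(referer)
        recent = seen.setdefault(client, [])
        # An empty Referer (stripped by policy) or same-site navigation is normal.
        if target in shop_hosts and ref and ref != target and ref not in recent:
            alerts.append({
                "client": client,
                "url": url,
                "claimed_referrer": ref,
                "actually_visited": list(recent),
            })
        recent.append(target)
        del recent[:-history]  # keep only the last `history` hosts per client
    return alerts


if __name__ == "__main__":
    for alert in find_forged_referrers(SAMPLE_LOG):
        print(alert)
```

A hit is a lead for triage rather than proof: link shorteners and redirect services outside the proxy's view can produce the same pattern.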
System monitors are like keyloggers on steroids. They record everything that happens on the computer: all keystrokes and all traffic in and out of the computer, including emails, chat conversations, which programs have been used, which websites have been visited, and video or VoIP calls that have been made from the infected computer.
Sophisticated examples can also assess the defenses and weaknesses of the computer and send the list of vulnerabilities to the threat actors.
How Does It Spread?
Spyware uses all the usual distribution methods to propagate itself.
Phishing emails with malicious links or attachments are used most frequently. If you fall for the scam and click the link, you’re taken to a malicious website that infects you. But these types of links can be delivered through other mechanisms, too, such as text messages, pop-up windows in your browser, and adverts on web pages.
Cybercriminals make use of legitimate advert delivery platforms to distribute their malicious adverts. Sometimes the user doesn’t need to click anything. The malicious advert can push a malware downloader onto your computer with no interaction from you.
Likewise, threat actors can inject malicious code into legitimate web pages. Landing on one of these pages is enough to trigger an infection or to redirect you to a lookalike, malicious website that will exploit a browser vulnerability. These types of attacks are called drive-by attacks.
Users can be enticed to download spyware. Downloading music, films, or software from file-sharing or illegal torrent sites is a high-risk activity. Many of the torrents are compromised and carry unwanted malware stowaways.
Smartphones are also targets for spyware. Policing the Google and Apple app stores is a massive and complicated task. Great strides are being made, but examples of malicious apps masquerading as games or useful utilities are still hitting the news.
Choosing to install software because a pop-up window in your browser offers you a free scan or a way to speed up your PC will result in malware being installed.
How to Detect Spyware
Detecting spyware on your computer or smartphone can be a bit like finding a needle in a haystack – challenging but not impossible. However, there are some telltale signs and methods you can use to identify whether your device is compromised.
Here are some common symptoms that you’ve been infected with spyware:
- Sluggish Performance: If your computer or phone is running slower than usual, spyware could be hogging your system’s resources.
- Frequent Pop-Ups: An excessive number of pop-up ads can indicate the presence of adware, a type of spyware.
- Unexpected Data Usage: A sudden spike in data usage could mean that spyware is transmitting information from your device.
- Battery Drain: An unexplained rapid battery drain on your smartphone may be a clue.
- Unauthorized Transactions: Check your bank statements for unauthorized activity, which can indicate that your financial details are compromised.
- Unusual System Behavior: If your device is acting strange – like crashing frequently or displaying error messages – it could be infected.
How to Remove Spyware
If you suspect that your device is infected with spyware, disconnect from the internet to prevent any further data transmission to the threat actor. Run a full system scan for spyware using a reputable antivirus or anti-malware program. Follow the software’s recommendations to quarantine or remove the detected spyware.
Post-removal, change all your passwords, especially for critical accounts like email and financial services, to prevent unauthorized access. Keep your security software updated, and always exercise caution when downloading software or clicking on links to keep your system spyware-free moving forward.
How to Prevent Spyware Infection
Avoiding infection is a combination of technology and user behavior. A good endpoint protection software suite should be used, centrally managed, and updated at least daily.
Phishing attacks are the most frequent type of cyber threat facing SMEs and a prime method of distributing spyware. The usual cares and concerns regarding unsolicited emails, links in emails, and attachments should be kept at the forefront of the users’ minds.
Only download software from the websites of the software authors, their trusted sites, and distribution partners.
Only install apps on smartphones from the official app stores. Don’t allow staff to jailbreak or otherwise circumvent the security of the device to allow access to unofficial app stores. Mobile device management software can enforce this on corporate handsets, along with other policies, such as always requiring a PIN or fingerprint to unlock the phone.
Always keep your software – and especially your browser – patched up to date. Because drive-by attacks exploit browser vulnerabilities, keeping your browser on the latest version reduces the chances these attacks will be successful.
Because spyware is closely associated with adware, you might consider an ad-blocker or using the ad-blocking capabilities of your browser. It should be noted that some ad-blocking and anti-tracking/anti-spyware software has been found to be covertly tracking your online activity itself.
And finally, as always, good staff awareness training can be the easiest and most cost-effective spyware protection.