Stalkerware is often installed secretly on mobile phones by abusive spouses, ex-partners, and other close contacts to spy on their targets.
Over the course of the past three years, Avast researchers have discovered a diverse range of mobile applications intended for non-consensual stalking.
Often installed secretly on mobile phones by so-called friends, jealous spouses, and ex-partners, stalkerware tracks the physical location of the victim, monitoring their phone calls, text messages, and sites they visit to undermine their online freedom and individual liberty.
“National Network to End Domestic Violence (NNEDV) is deeply concerned about the significant increase in the use of stalkerware and the dangerous implications for survivors domestic and dating violence and sexual assault,” says Erica Olsen, Senior Director of Safety Net Project at NNEDV, our US partner. “Our Safety Net Project conducted an assessment of service providers documenting that the most common types of technology abuse – harassment, limiting access to tech, and surveillance – all increased during the pandemic.”
And here’s the kicker: Across the globe, the risk of encountering stalkerware on a mobile device has increased by 239% globally over a three-year period.
What do stalkerware apps look like?
Our team’s recent analysis has found that child surveillance apps that can remotely control affected devices and stay hidden have become one of the most prevalent forms of stalkerware and are often misused for monitoring calls, SMS, internet activity, social media use, recording audio and video, taking photos or screenshots of a person’s phone, and tracking live locations.
Refuge, our partner that helps people in the UK who are dealing with domestic violence, has seen similar patterns.
“Refuge has seen an increase in tools that are marketed for children’s safety being mis-used by perpetrators to stalk survivors,” Emma Pickering, Senior Operations Tech Abuse Manager at Refuge, says. “In Refuge’s specialist technology facilitated abuse team, we hear from countless survivors who tell us that stalkerware apps have been installed on their phone, giving their perpetrator tools to continue to intimidate, harass, monitor, and manipulate them. This access can happen remotely, undetected, and often these apps are hard to spot.”
Another type of unlikely stalkerware are apps that market themselves as lost or stolen device trackers. Once installed on a device, they either hide themselves completely or present themselves as Notes applications to evade detection from the unsuspecting phone owner. The stalker can control these apps remotely and carry out similar malicious activity.
“The growth we’re seeing in stalkerware is a huge concern,” said Ondrej David, Malware Analyst Team Lead for Avast. “Stalkerware has the capacity to inflict serious physical and psychological harm on those affected. This is not only about stealing personal data; there are also tangible implications concerning the safety of the individual targeted.”
Stalkerware is an extremely important issue for individuals to be aware of, and it’s also one that Avast is committed to fighting against. Since February 2021, Avast has been a member of the Coalition Against Stalkerware. Alongside other leading security software companies, members of the coalition continue to combat digital tracking and abuse.
Common signs of stalkerware apps
Avast Threat Labs has outlined a handful of telltale signs that your device may be infected by stalkerware. Here’s what to be out the lookout for:
- Your device’s performance is suddenly and unexpectedly worse. You may notice slow-downs or more frequent crashes or freezes.
- Your settings have changed without your consent. If you suddenly have a new browser homepage, new icons on your desktop, a different default search engine, or other changes that you did not make, it might be due to stalkerware.
- You get odd messages, such as a sudden flood of pop-ups or error messages from programs that always worked fine before.
- You have unexplained calls on your bill.
- The abuser has had physical access to your device.
- The abuser knows things about what you are doing, where you are going and who you have been communicating with.
How to remove stalkerware from your phone
First, in a situation of coercive control, removing stalkerware from your phone could inform the abuser that you have found and deleted it, which could put your physical safety at risk. Therefore, it’s crucial to make sure you are free from harm before removing stalkerware applications from your phone.
To get started, reboot your phone into safe mode. To do so, hold down your phone’s power button to see your ‘Power off’ and ‘Restart’ options. Long-press the ‘Power off’ option and the ‘Reboot to safe-mode option’ will appear. Tap ‘OK’.
Next, be sure to remove any suspicious apps. Once rebooted in safe mode, open your settings, and tap ‘Apps’ or ‘Apps & notifications’. Sort through your apps and look for anything that you don’t recognize.
Finally, remove any malicious apps by tapping ‘Uninstall’ to remove them from your device. If you’re not sure if an app is malicious, search for the name of the app on the internet to see if other people have shared any issues with it.
If you think you’re at risk of stalkerware, here’s what you can do to prevent it:
- Secure your phone against all unauthorized physical access. Ensure your phone or device uses two-factor authentication such as a pin code and a second form of identity confirmation, for example an email backup or thumbprint.
- Install a reliable antivirus product on your mobile phone. A good mobile antivirus will treat stalkerware as a potentially unwanted program (PUP) and give you the option to remove it.