All about Stalkerware: Protection, detection, and removal

Ramya Srinivasan June 3, 2021 Malware Central

Use of softwares to spy is not uncommon, but, in the last few years some of these solutions have marketed themselves as legit use softwares aka Stalkerware. These softwares are available in the form of Kids monitoring applications, spouse monitoring applications, and so on.

We have conducted detailed research to get you the answers to some of the key questions around them.

What is a Stalkerware?

Stalkerware is used for deep surveillance of smartphones and devices and can be installed by anyone including parents, a jealous boyfriend, spouse, a colleague, by your organization, or by a business rival. It is also known as spouseware or legal spyware.

A Stalkerware can pretty much capture anything from the phone or the system that one can think of.

What is the difference between Stalkerware and Spyware?

Stalkerware is marketed as a legitimate application to track kids, spouses, or employees. Unlike Spywares, they are legal in some countries and fall under the grey area for most other countries. Spyware, on the other way, is used by hackers and cybercriminals and is blocked by anti-malware solutions.

What activities can a Stalkerware capture?

Following are some of the things that a Stalkerware can capture –

Keystroke tracking
Taking screenshots or screen recording
Tracking of the GPS location
Reading emails and messages
Capturing photos, videos, or any other files
Listening or recording phone conversations

Is Stalkerware legal?

Stalkerware is legal in some countries and falls in a kind of grey zone for most other countries. They are marketed as useful software. Sometimes as a child monitoring tool or an employee monitoring or insider threat solution which gets them a legit status.

How do I know if my phone has Stalkerware?

Following are some of the signs that can help you understand if your devices has Stalkerware:

The device feels slower than usual and hangs often
The battery seems to be draining faster
Your mobile data uses are increased
The device goes missing and reappears
You observed unfamiliar applications or processes
Unknown sources setting is Enabled (Android)
An application called Cydia is installed (iOS)
Active sessions on devices you did not authorise.
Webcam permissions are on for some applications
It just feels different or strange in any way

However please be noted that these are just some indicators and you may actually not see any signs at all.

How can someone install Stalkerware on my phone?

There are actually multiple ways to do it, some of them are:

1. Physical access to the device

This is usually the scenario in most of the use cases. Whenever any application is installed, it requires administrative privileges. So the stalker actually needs to have physical access to the phone in most of the scenarios and the installation can be done within few minutes.

2. Remote Deployment by sending a URL link

The victim can be tricked into clicking over a link and installing the Stalkerware via a link over any messeging software or social media platform.

3. Remote deployment using an MDM solution

If the device is managed by your organization and they decide to monitor your activities, they can push is remotely using the solution used to manage your device. Now in most of the scenarios, they actually will inform you before doing any such things. However depending on the nature of business, if your organisation has an insider threat program, they will actually do it without informing you.

4. Unknowingly or by mistake

You can unknowingly install a Stalkerware app bundled with other software when visiting malicious websites, or downloading app from third-party app stores.

What can I do to stay protected?

Use parental control to prevent install and download of any software
Follow security best practices for your device
Do not give your phone to someone you do not trust
Do not install software from unknown links
Frequently change your passwords
Uninstall any applications not used for long
Keep a check on your browser history

Also please refer to our security guidelines for Android devices which will help you to secure your devices.

Can someone install Stalkerware on my phone without even touching it?

It is possible to trick the victim into clicking over a link and installing the application. Another scenario can be, that your organization can install it using a Mobile Device Management (MDM) solution.

Precautions before removing Stalkerware

Please don’t rush to remove it if found on the device. As someone is watching your behaviour, this will not go unnoticed. The abuser may be a potential safety risk and may even escalate the abusive behavior.
Reach out to local authorities supporting victims of domestic violence
Consider whether you would like to preserve evidence of the Stalkerware before proceeding to the removal.
Trust your gut instinct and do what feels safest to you.

How to remove a Stalkerware from my Phone?

If it’s installed by your organization as a insider threat monitoring tool and the device is provided and managed by them, you will not be able to do much. In this scenario, the best option will be to use the device cautiously and only for intended use.

If the device is owned and managed by you, You can use following steps to spot and remove the Stalkerware from your Android or IOS Device.

1. Get an Anti-Malware Solution

Most of the stalkerware can be detected by these solutions, however be cautious as since they are legal in some countries and falls under the kind of grey zone in most other countries, the solutions can not detect them as malwares.

Most antivirus vendors can detect and mark them as not-a-virus or something similar, which may be misleading for the users.

2. Use Tinycheck to check for Stalkerware

If you are tech savvy, you can use TinyCheck which is a purpose built application from Kaspersky Labs. Tinycheck is an open-source tool available on GitHub.

It can be run from a (different) smartphone or a computer and acts as a WiFi access point. Once set up and connected to a smartphone, TinyCheck will analyze that smartphone’s Internet traffic and determine if it is sending data to a known, malicious server.

The best part is, it works for both IOS and Android, and does not leave a trace.

3. Use Certo spyware detection tool

Certo is a powerful Spyware detection utility which can effectively help you identify and remove spyware from you Android or Iphone device.

It can be downloaded from Play store for Android devices. For inspection of IOS device, they offer a software which can be run from Windows or MAC system.

4. Update your device firmware version

There are good chances, that it’s gonna kill the Stalkerware. However if it refuses to update please move to the next step.

5. Factory reset the device

Well the Stalkerware will not survive this. But if you observe the same signs again after few days, chances are, that your stalker has physical access to your phone (well it may be your boy friend, girl friend or spouse). In this scenario please move to the next step.

6. Reach out to the authorities for help

If you are suspecting monitoring, or stalking, trust your instincts and find a safe way to learn about your local resources and options. If you think you are a victim of Stalkerware, the person monitoring you will be able to see any searches for help or resources.

It will be a good idea to use a different device for that. Coalition against spyware has compiled a helpful list which can be accessed at this link.

What are some Stalkware applications for IOS and Android?

Following are some of the leading Stalkerware applications which support both Android and Iphone:

Mspy
Cocospy
Highstermobile
Auto Forward
iKeyMonitor
Spyera
FlexiSPY
XNSPY
Mobistealth
Web Watcher

Please be noted that this is not a comprehensive list and provided only for informational purpose.

While using the Stalkerware applications may or may not be legal in some countries, it most certainly is unethical and violation of privacy of individuals.