As Director of Protection Labs & QA, Alexander Vukcevic is responsible for the development of new technologies for the detection and analysis of new and unknown malware. With his team of international experts, he develops new strategies to protect computer systems and mobile devices from all kinds of attacks and clean infected systems in real time. Spyware is software that secretly monitors and collects information about your online activity, data on your device, and a wide range of personal information. This information is then extracted from your device and sent to external servers for use in a variety of advertising, monitoring, and financial systems. In addition to its various tracking capabilities, spyware is primarily defined as installation and use without your knowledge or permission. Spyware variants exist for all major operating systems.
Basic spyware functions.
There is a wide range of potential spy capabilities under the spyware umbrella. Some of the most common spyware functions are the monitoring of keystrokes, voice, location and messages. Additionally, spyware is also used to record account login information, such as passwords, which can then be used to steal someone's identity. Here is an incomplete list of the main surveillance capabilities:
- Place browser cookies
- Contact lists
- Device document and file contents.
- Device / display monitor
- Follow up on emails and discussions
- Writing record
- Printer activity
- Record voices
- Social media activity
- Track location
- Website passwords and account usernames
Commercial spyware is generally created to collect a wide range of information relevant to user behavior, regardless of the type of sensitive personal information that may be collected. These programs or data are generally sold to third parties, who can then establish a user profile, which is operated by service providers to place advertisements specifically designed for this purpose or simply to launch targeted attacks on the service providers' devices. users.
The most famous examples of spyware.
Some of the most famous spyware cases come from governments and corporations, not hackers. Sony BMG Entertainment's XCP digital rights management software used a variety of spyware and rootkit-like tactics. In the German-speaking regions of Europe, the term "Bundestrojaner" or "state Trojan" is used to describe spyware used by security forces. Although this type of software is only used after a court order, the discovery of R2D2 and other variants has prompted efforts by antivirus developers such as the German Avira. , to include it in its list of malware detections. More recently, the discovery of the "zero-day" vulnerability in WhatsApp and its use by Israeli group NSO's Pegasus spyware has prompted the Facebook-owned messaging app to send out a patch to its millions of users.
Signs of spyware infection
Common signs of spyware infection occur when the device behaves slowly, reacts more slowly than normal during normal activities, such as typing or browsing the web. it uses an abnormal amount of bandwidth and connects to servers unrelated to its normal browsing activities. Also, for adware-connected schemes, the device's browser may display an unusual number of targeted advertisements. However, in more advanced cases, such as Pegasus spyware, there are often no visible signs of infection from the target device.
How did I get this spyware?
Spyware is spread by targeted and channeled attacks. For intelligence operations conducted by the state, the use of spyware is generally directed at a specific target. Sometimes just taking a call on your smartphone can be enough to spot a spyware infection. This is the case of Pegasus Spyware Group Isreali NSO and its installation on smartphones. The "Bundestrojaner" R2D2 would have been placed on the plane while it passed a customs check at the airport. However, these are extreme and unusual cases. For consumer spyware, cybercriminals distribute it through defined channels, in which spyware features are bundled together with others in a seemingly innocent downloaded application. Targeted and channeled attacks can exploit a zero-day software vulnerability, and specific installation tactics vary by device and operating system. However, the main point of vulnerability for spyware is you, the person who uses and installs applications on the device. By installing a new application or a new program, a user grants the necessary permission to insert the spyware feature into the system. Even on Android devices, a user gets the information about the requested permissions, but in most cases, this information is not read carefully or is simply ignored.
Detect spyware
Antivirus applications have a mixed approach in their approach to spyware detection. For known malware combinations, the security application can directly prevent the application from being downloaded or installed on the device. When spyware features are included in a provided application, especially without direct malicious activity, the user may be warned that they are downloading a "potentially unwanted application" or depending on the severity of the spy feature, these applications directly like malware.
How can I protect spyware on my device?
Tactics for keeping spyware remote vary by device and operating system. However, having a quality antivirus/security system and software update program is a prerequisite. For computers running Windows, a good defense starts with not running the device in admin mode and not having a separate user account for day-to-day operations. This slows down the installation process if spyware malware is accidentally downloaded. Second, a software update program must be used to update the various applications and programs on the device. Although Windows usually fixes its own vulnerabilities, many other programs don't, and a good updater checks for and installs updates automatically. The third security tactic is to install new programs from download sites with greater caution. These may come with additional applications called "Potentially Unwanted Applications", which may not be directly harmful, but do have spyware characteristics. Please click carefully on these terms and conditions. Android phones are better protected by checking app reviews and downloading apps only from official app markets. This will reduce the chances of downloading an application with spyware characteristics. Also, read the fine print about any permissions requested or information an app may collect about you during its operation. Alexander Vukcevic is Director of Protection Labs & QA at Avira.