Image Courtesy: CNET.com
Online spying and stalkerware installations have doubled during March-June this year as against the previous couple of months as the world moved into total or partial lockdown, says a market research report shared by Avast, a digital security and privacy company.
In India, during the month of March, Avast had protected more than 4,000 users from apps that were capable of spying (mostly stalkerware) with a monthly average of 20% whereas in the first two months of 2020, this number was substantially lower.
It is notable that among the entire range of spy and stalkerware, Avast has also observed a number of COVID-19-related apps designed to spy on users, which collected more information about its users than required to function, says Avast in a prepared release.
Stalkerware is an unethical software that allows people to track someone’s location, access their personal photos and videos, intercept emails, texts and app communications such as WhatsApp and Facebook, as well as eavesdrop on phone calls and make covert recordings of conversations over the internet, without the target’s knowledge.
The Avast threat analysts found that three stalkerware apps in India that come disguised as India’s Aarogya Setu app used for tracking Covid-19. When downloaded, the official app gets installed alongside the stalker app, which uses the original one to get user approvals to allow collection of sensitive data from the smartphone. Thereafter, it uses Accessibility Service from Android to spy on users and get permissions that enable it to make calls, get SIM numbers, read contacts, send text messages, record calls, query call logs and access device location.
Avast CISO Jaya Baloo describes Stalkerware as a growing category of domestic malware with disturbing and dangerous implications. Usually installed secretly on mobile phones by so-called friends, jealous spouses, ex-partners, and even concerned parents, stalkerware tracks the physical location of the victim, monitors sites visited on the internet, text messages and phone calls, undermining a person’s individual liberty and online freedom.
Avast has protected over 43,000 users globally from such malware since March 2020. Country specific data indicates 3,531 users have been targeted in the United States, 1,648 in France, and 3,048 in Brazil. This growing digital threat identified by Avast is set against a backdrop of an increase in domestic violence during lockdown, called a “shadow epidemic” of the coronavirus by Phumzile Mlambo-Ngcuka, Executive Director of UN Women. In order to mitigate against the threat of stalkerware, the Avast team have provided some simple, actionable steps:
- Secure your phone against all unauthorised physical access – Smartphones are often left unprotected by their users. According to Pew Research, over a quarter of mobile users have no lock-screen protection on their smartphones whatsoever, and just over half use neither thumbprints nor PIN codes to keep their devices private. This makes it simple for a suspicious partner to secretly install stalkerware without being noticed. Equally, do not lend your unlocked phone to anyone unless you fully trust their intentions. It can take less than a minute to install a stalkerware app on a device.
- Install a good, mainstream antivirus product on your mobile phone – A good mobile antivirus will treat stalkerware as a PUP – a potentially unwanted program – and give you the option to remove it. A mobile security product such as Avast Mobile Security will keep your mobile device secure from stalkerware in addition to other malware and potentially malicious apps.
- Do not hesitate to contact Operation Safe Escape by a safe means – If you are already in an abusive relationship – or fear it is heading that way – you should understand that you are at greater risk from stalkerware. An innocent visit to a friend or relative could be detected and provide the trigger for physical abuse. Even removing the stalkerware could alert the partner. If you have reached this stage, you need to source help and support fast – and you should not hesitate to seek it. Contact Operation Safe Escape at the earliest safe opportunity.
Operation Safe Escape is a victim support organisation that provides valuable support and education for victims of domestic violence and abuse, and can help with issues of personal, physical and digital safety.
If it’s possible your device has been compromised by stalkerware, avoid using it to contact support. If you are able, use an anonymous device such as a library computer or a friend’s phone in order to avoid alerting the stalker.