Application Security IT Security

Mobile Spyware

What is Mobile Spyware?

Surveillance software is becoming more advanced and more accessible, making it increasingly important to be aware of current threats and prevention methods. Mobile spyware hides in the background of a mobile device and steals information such as incoming/outgoing call logs, incoming/outgoing SMS messages, contact lists, emails, browser history, photos, videos, and files. Mobile spyware can also have addition capabilities such as those that record inputted keystrokes, access the device’s microphone, secretly take pictures, track the device’s location via GPS, and control devices via commands sent by SMS messages and/or remote servers. Forms of spyware include:

Nuisanceware. Nuisanceware are pesky applications that come bundled with legitimate applications. They may change your homepage or search engine settings, trigger pop-ups in your web browser, or gather your browsing data to sell to third parties. Nuisanceware is not generally dangerous, as the goal is to generate revenue through forced ad views/clicks, and not through compromising your personal security.

Basic spyware. Basic spyware are generic forms of malware that steal any potentially valuable information from a system, such as clipboard data and account credentials. Basic spyware may infect a device through phishing, malicious email attachment, SMS messages, or social media links.

Advanced spyware/stalkerware. Advanced spyware may be used to monitor emails, SMS, and MMS. It may intercept live calls to eavesdrop on VoIP applications or standard phone lines, covertly record background sounds, take photos, track devices, perform keylogging functions, or hijack social media accounts.

Government-grade commercial spyware. Recently, spyware has been found on the mobile devices of activists, political dissidents, journalists, and lawyers who were connected to authoritarian governments.

Signs of mobile spyware include:

  • Spikes in data use
  • Overheating
  • Difficulty logging into your accounts the first time
  • Difficulty logging into your accounts at all
  • Anti-virus and online protection apps are shut off
  • You detect signs of fraud or theft
  • You are unexpectedly signed up for services or premium SMS plans
  • Your phone is out of your possession and reappears with different settings or changes
  • GPS and location functions turn on unexpectedly
  • Device randomly reboots

To remove mobile spyware:

  • Run a malware scan to detect and remove spyware
  • Change your passwords
  • Enable two-factor authentication
  • Update your OS
  • Lock your mobile device with a PIN, pattern, or biometrics