Explained: Why does spyware, stalkerware, gain popularity during the pandemic?


Global cybersecurity leader Avast warned in a report that there was a 51% increase in the use of spyware and stalkerware during the lockdown period from March to June. The use of these apps, the organisation acknowledged in its report, increased during the lockdown in the backdrop of increased domestic violence cases.

Captured by the sudden onslaught of COVID-19, most companies fail or have inadequate security systems in place to support remote work and are now faced with a new reality that includes a much broader target surface and less secure user devices. Many have also had to adapt and adopt digital tools easily, bringing on new technologies that might not be adequately secured.

Already 21 per cent of Singapore’s organisations have recorded an increase in attacks on their IT systems due to the pandemic, according to the HackerOne report released this week. Some 58% of these companies believed that they were more likely to encounter a data breach as a result of the global pandemic, according to the study, which polled 200 city-state respondents. Conducted by Opinion Matters in July 2020, HackerOne surveyed 1,400 security professionals in Singapore, Australia, France, Germany, Canada, the United Kingdom and the United States.

Across the board, 64% felt it was likely their organisation would experience a data breach as a result of the pandemic. HackerOne CEO Marten Mickos said: “The COVID-19 crisis has shifted life online. As companies rush to meet remote work requirements and customer demands for digital services, attack surfaces have dramatically expanded, leaving security teams stretched thin and not staffed to cope.”

What’s a spy and stalkerware app?

Spy and stalkerware apps, such as viruses and other malware, infect devices that are connected to the internet. While anti-virus software can detect viruses and malware, spyware and stalkerware apps disguise themselves as helpful and send stolen data to central servers without the knowledge of users.

Ironically, most spyware and stalkerware apps disguise themselves as anti-theft applications that can be used to detect whether a device is stolen or lost, cyber security experts warn.

The spyware app, which can also be remotely installed, accesses the device’s data use pattern, accesses images and videos, as well as other user’s personal information, and then passes it to the central server.

How are those applications working?

There are two or three types of spyware and stalkerware applications. The easiest way for spyware applications is to conceal spy code inside unauthorised versions of premium apps.

“For example, someone can claim to have a cracked version of a premium app such as Spotify. Now, whoever installs such apps can be remotely tracked easily. Since the code of the application (inside which the spyware codes are hidden) do not spy on the users, such codes pass the scrutiny of anti-virus programmes,” said the expert, who also works with government and security agencies.

Stalkerware applications, on the other hand, require explicit permissions at the time of installation. When the app is installed on the phone, it can be hidden from the app menu in the background from which it starts to function.

Why did the use of those applications increase during the lockdown?

One of the main reasons, experts said, is the increased use of the Internet for everyone due to various lock measures in place.

“With apprehensions around COVID still in place, everything has gone online. Anything and everything which could be bought offline from a market are now at your doorstep. But bringing that to the doorstep requires going online, which is where the opportunities for cybercriminals come,” the Pune-based expert said.

Another reason, highlighted in the April study by UN Women, was “security, health and money issues,” which was further accentuated by “cramped and confided living spaces.”