What Is Spyware?
The internet is our window into a whole world of information, work and entertainment.
It’s a digital space where we can go about our daily routines like banking and shopping, as well as do our day jobs and earn a living.
As you enjoy going about your online business in the comfort of your own personal space, it can be easy to forget how you and your information are still very susceptible to prying eyes.
Spyware is one of the most common and sneakiest types of malicious software, or malware, online today. It accesses your computer, gathers all kinds of personal information about you, then passes it to others while you remain completely unaware.
There are many different types of spyware, with various capabilities and purposes. Therefore, the impact on you can range from annoying to highly dangerous.
For example, on the former end of the spectrum you have the likes of adware. This gathers your information so advertisers can target you with more personalized ads. More threatening are keyloggers. This type of spyware allows its creator to capture every keystroke you use, revealing personal details including your usernames or passwords.
That’s the scary reality. However, we believe that the first step towards protecting yourself from online threats is to understand them.
Here we’ll fill you in on all you need to know about spyware, what it is, how it works, how it infects your device and, perhaps most importantly, what to do if you get it.
What is spyware?
Certain types of malware can be quite straightforward. For example, ransomware exists to encrypt your files and issues you a ransom to retrieve them. Your device is infected and you quickly know about it.
Spyware is a bit different.
Spyware is a type of malware installed on your computer or mobile device without your knowledge. It then goes about its job of spying on your online activity, again without you ever noticing it.
While ransomware creators only benefit once you know you’re a victim and are forced to pay a ransom, spyware creators only benefit as long as its presence on your device remains undetected.
Spyware steals - and shares - all kinds of personal information. This includes your online browsing behavior, your various account logins, personal emails and even your credit card details. Some types of spyware can even hack into your computer’s camera and get visuals on you and your surroundings.
How does spyware work?
Spyware can infect any internet connected device, so pretty much everything from your PC or Mac desktop to your Android or iOS mobile phone.
There are many ways spyware might infiltrate your device, but the most common is when you unintentionally download it yourself, for example, when you download “additional software” as part of another program.
Like we said, it’s very sneaky!
Once downloaded, it attaches itself to your operating system, then begins to observe and report on your activity.
What is the purpose of spyware?
Sometimes the use of spyware is legitimate.
For example, when a business monitors its employees’ use of devices and networks (with their consent and knowledge).
In most cases though, spyware is entirely malicious. It infects a user’s device, steals their information and passes it on for malicious purposes, all without the user’s knowledge or consent.
A study by Juniper Research estimated the number of records stolen by cybercriminals will increase by 175% between 2018 - 2023.
So what’s the big attraction for these cybercriminals?
Well, information is valuable and increasingly so. Whether it’s your web browsing habits or account logins, there will always be someone who can profit from it.
Here are some examples of how valuable your information can be to scammers:
- Criminals can use spyware to steal account logins and hack into online banking accounts.
- They can use it to capture your email logins, opening up endless possibilities for identity theft and hacking into your other online accounts.
- Certain advertisers get paid based on how many people see or click their ads (whether it’s intentional or not). They use spyware to force pop-up ads to bump their numbers.
- Shopping sites like eBay offer credit to websites directing traffic to their pages. Spyware (or “stealware”) can be set up to steal the credit for sending you there - more on that later.
What can spyware do to my computer?
There really is no limit to the information spyware can gather about you once on your device. The list below covers some of this.
- Collect almost any type of data including personal information and passwords
- Change settings on your device
- Install additional software
- Use up processor power and slow down your device
- Generate endless pop-up ads
- Redirect your web searches making your search engine difficult to use
- Record the words you type
- Read your emails
- Change your firewall settings to make you susceptible to more malware
- Hack into your camera
- Hack into your voice calls
- Take screenshots of your screen
Who do spyware creators target?
Most people affected by spyware aren’t individually targeted. Spyware creators usually cast a very wide net and try to trick as many web users as possible into becoming victims. That is quite scary as it means every one of us is a potential target.
That’s not to say individuals can’t be targeted with spyware. “Stalkerware” is a type of spyware used by some to spy on family members or other close contacts - more on that below.
How does spyware infect my computer?
We’re sure you’ve heard enough at this stage to know spyware is something you really don’t need in your life (or on your device)
Annoyingly, spyware usually infects your device when you unwittingly download it yourself. So to avoid falling victim, it’s helpful to be aware of all of the various ways you could be tricked into downloading it.
Accepting additional software
Installing new programs or updating old ones is a standard activity when using the web. However, it is one of the most common ways of downloading spyware. So make sure you read what you are agreeing to and watch out for any “additional software” offered with your download. If you have the option between an automatic or a custom install, opt for custom to ensure you know exactly what is being added to your device.
As you’re browsing online, you may come across a convincing pop-up ad advising you a plug-in is required for your device. Unfortunately, your best intentions of doing the right thing could see you fall victim to spyware. So try not to fall for it.
Downloading from unreliable sources
Programs, tools, games, demos - the internet is full of useful software to make our lives easier or more fun! However, it’s important we don’t forget to check the reliability of the sources we’re downloading from or we could walk straight into a spyware trap.
Phishing is a cyberattack using email as its disguise. The goal is to trick the recipient into sharing personal information or downloading malware. In the past, phishing emails might have been very easy to identify and maybe even laugh-out-loud funny!
Unfortunately, now these attacks have become much more sophisticated and increasingly difficult to distinguish from genuine mails from your contacts. Take a second to assess before opening any unexpected emails and especially any with attachments. Spyware can infect your computer if you open email attachments containing malicious code.
Read more about how to recognise a phishing email.
Similar to the above, hoax emails might also contain a link for you to click on. Many people mightn’t realise unreliable links are just as malicious attachments. Anyone can create a website and stumbling into the wrong one can be enough to trigger a spyware transfer to your computer. This is actually becoming a more common problem on mobile devices as users don’t yet fully appreciate malware attacks can also happen on cell phones. Be extra wary of any strange links sent to you via SMS or web chats.
Read more about iPhone spyware and how to remove it.
Using infected hardware
Not all spyware travels directly from the internet to your device. Some types of spyware copy themselves onto removable storage devices, such as a USB flash drive. If someone shares an infected USB drive with you and you plug it into your device, spyware could then be easily transferred to your computer.
What are some common types of spyware?
There are very many different types of spyware out there. Each collects different types of information and uses it in different ways. Some spyware can be just purely annoying, while others will expose all your private information and use it in any way that’s profitable for the creator.
Adware typically spies on your online activity, then shares the information with advertisers who want to target you with ads such as pop-ups, display ads or videos. Adware developers make revenue from how many times users see or click their ads.
While it does track your web browsing activity, adware’s reach does not extend to stealing passwords or other personal information. So, the impact of adware on the individual is relatively benign compared to other forms of spyware. However, it can still be annoying nonetheless, potentially slowing down your device and serving up constant ad interruptions to your user experience.
A keystroke logger or keylogger is a form of software capable of tracking and recording every keystroke you type on your device. Yup, that includes your private emails, text messages, passwords and bank details.
You might be familiar with the ancient story of Troy, where the Greeks presented the Trojans with an enormous wooden horse as a ‘peace offering’. It turned out the horse was in fact hiding Greek soldiers inside who emerged in the dead of night and attacked the city. This is where trojan spyware gets its name.
A trojan is a type of spyware masquerading as a useful program. It may even function as a useful program, but malicious code is hidden within. This code allows the creator to gain control of your device by establishing a “backdoor” or a remote access trojan (RAT). This provides them with a very deep level of access to your device, allowing them to do anything from stealing your personal information, installing more malware or hijacking your entire device.
Certain types of “monitoring software” are legally available for purchase. They are typically marketed as a solution to help well meaning parents protect their children online. Buyers are advised they can only install it on a device they own and must inform the device users of its presence. Of course, how closely this advice is followed is anyone’s guess.
Unfortunately, it is frequently misused as “stalkerware” by those who want to spy on their spouses, ex’s or other individuals without their knowledge. It operates just like other spyware, logging keystrokes, monitoring internet activity, reading messages and recording video and audio.
Many online shopping sites give credit to affiliate websites for sending customers to their site.
Also referred to as “affiliate fraud”, stealware is a type of spyware allowing hackers to intercept your visits to certain shopping sites. They make it appear it was the hacker’s website that sent you there and take the financial rewards from this.
Mobile devices today are so powerful, they are multi-functional and central to almost everything we do. So, once they’re compromised with spyware, there’s no end to what a cybercriminal can take advantage of.
How does spyware on cell phones work?
Mobile spyware can monitor:
- Call history
- Text messages
- Contacts lists
- Web browsing history
- Phone location
- Photos and video taken
And it gets worse. Jailbroken or rooted phones could be open to more advanced monitoring such as:
- Messaging apps like Viber or WhatsApp
- Phone conversations
- Recording via the phone’s microphone and camera
How spyware is installed on a cell phone
Mobile devices become infected with spyware in very similar ways to desktop devices. They include:
- Email phishing
- Downloading apps from unreliable sources
- Clicking unsafe links in emails or in SMS or online messages
In the news: Pegasus spyware
Revelations about spyware software, Pegasus, has made mobile spyware a hot news topic in 2020.
Pegasus is a mobile spyware sold by Israeli company, NSO Group. While the firm asserts the software is legitimate and sold exclusively to law enforcement and government agencies, it appears it has been misused on multiple occasions and found on the phones of activists, journalists and business leaders.
It hit the headlines in January 2020 when the Saudi Arabian authorities were claimed to have hacked the cell phone of Amazon founder and world’s richest man, Jeff Bezos. He allegedly received a WhatsApp message from the Saudi Crown Prince. An investigation by UN experts confirmed Bezos’s device had been infected, most likely by Pegasus.
How to protect yourself from spyware
Regardless of whether you’re the richest person in the world, or just a regular internet user, if you use any internet connected devices, you’re at risk of a spyware attack.
As we’ve seen, there are multiple means by which spyware can creep onto your device. You can follow these best practices to give yourself every chance of avoiding becoming a spyware victim:
Use anti-spyware software
A trusted anti-virus software will include protection against spyware. So make sure you do your research and protect yourself with this critical first line of defence.
Keep your system up to date
Any time your browser or device releases an update, you can be sure security maintenance is one of the key reasons for it. So it’s important to make sure you keep your system up to date.
Pay attention to what you’re downloading
As we’ve seen, the most common means of spyware infection comes from unintentionally installing it yourself. You should be wary of absent-mindedly agreeing to any downloads.
Be suspicious of pop-ups and don’t follow their instructions unless you’re entirely certain where they’re coming from.
Be careful about emails
Be wary of any unexpected emails. If something about it raises your suspicions, don’t open it and check with the sender via other means if they actually sent it to you.
Be careful about links
Don’t click on links you’re unsure about. This goes for links in emails, SMS, messaging apps and so on.
What to do if you do get spyware
If spyware is running as intended on your device (i.e. in secret), then it can be very difficult to detect its presence, if at all.
If you are concerned your device might have been corrupted, here’s what to do:
- If you don’t have a trusted cybersecurity software on your device, get one and run a scan to identify and remove spyware.
- Once your device has been cleaned, notify your bank to be on the lookout for any fraudulent activity on your accounts. They will advise on any further actions from their point of view.
- Update your passwords. It’s understandable that your instinct would be to change your passwords as soon as you suspect a breach. However, it’s important to make sure you have removed the spyware first or else your intruder will only learn your new passwords as soon as you create them.
People are often surprised to learn how spyware can infect Apple devices. If you suspect your iPhone, iPad or Mac may have been compromised, check out our previous post on how to identify and remove spyware from Apple devices.
Does Clario protect against spyware?
Yes, Clario is an all-in-one cybersecurity solution providing you with everything you need to protect your devices from all of today’s online security threats, including spyware. Clario features include anti-malware protection, and email breach monitoring.