What is Spyware?
Spyware is malicious software that gathers information about a person or organisation without their knowledge. Spyware is used by cybercriminals to track web browsing habits, steal personal data, or infect a computer with viruses. Spyware is one of the oldest cybercrime practices on the internet and continues to evolve over time. Most spyware is bundled with free software and downloads, or comes from infected websites. Once installed, it can be difficult to remove.
A brief history of Spyware
The term “spyware” was first used in a Usenet article that targeted Microsoft’s business model in 1995. In early 2000, the term appeared again in a press release for a personal firewall product. This marked the beginning of the term’s acceptance.
In June 2000, the first anti-spyware applications were released. A survey performed by America Online and the National Cyber-Security Alliance in October 2004 revealed that about 80% of all Internet users had their systems affected by spyware, that about 93% of spyware components were present in each of the computers, and that 89% of the computer users were unaware of the spyware’s existence. Out of those affected, almost all (about 95%) confessed that they never gave permission to install it.
How does Spyware infiltrate your PC or mobile device?
Spyware can infect your system in the same ways as any other form of malware. Spyware can enter your system via download, email and/or web browsing. The following are just a few of the most common techniques spyware uses to infiltrate your PC or mobile device:
Security vulnerabilities / Backdoors
Both backdoors and exploits are holes in your device’s hardware or software that allow someone to gain access to your system without your permission. Software bugs are unintentional mistakes made during the development of hardware or software. Sometimes these bugs serve as a backdoor for easy access after the fact. Backdoors are purposefully installed to give criminals easy access to a system.
Software-bundles / Bundleware
Bundleware is a software package that may appear to be a necessary component of a host application. However, these bundles can contain spyware. If you uninstall the host application, the bundled spyware remains and can cause issues with your device’s performance.
Spyware for mobile devices has been around since the advent of smart phones. It is especially devious, as it can be hard to see what is going on in the background on a small screen. Both Android and Mac devices are vulnerable to spyware, which comes in the form of legitimate apps with harmful code and malicious apps that pose as legitimate ones.
Spoofing and Phishing
Both spoofing and phishing go hand-in-hand. Phishing occurs whenever criminals try to get you to perform some sort of action, like clicking a link or opening an infected attachment in an email. Spoofing involves disguising phishing emails and websites so that they appear to be from and by individuals and organisations you trust.
Be wary of deceptive advertising. Spyware authors often present their spyware programs as useful tools to download. For example, they may claim that it is an Internet accelerator, a new download manager, a hard disk drive cleaner, or an alternative web search service. But beware—installing these kinds of “bait” programs can result in inadvertent spyware infection; and even if you eventually uninstall the “useful” tool that initially introduced the infection, the spyware remains behind and continues to function.
Types of Spyware
Spyware can perform a number of functions, depending on the intentions of its creators. For instance, some common types of spyware include:
1. Keyloggers
The first type of spyware to exist was the keylogger. Keyloggers are explicitly created to spy on the activity of their victims’ devices. A keylogger is a malicious application that monitors and records everything you type on your keyboard, including your passwords and other confidential information. Keyloggers may also collect screenshots of what you’re doing on your computer, as well as any audio or video from connected devices. They can even capture documents that you print on a connected printer and send them to a remote server or store them locally for retrieval.
2. Password stealers
Password stealers are pieces of malware designed to collect passwords from infected computers. The types of passwords they collect may include web browser login information, system login credentials, and various critical passwords. These passwords may be kept on the infected machine or transmitted to a remote server for retrieval by the attacker.
3. Banking trojans
A banking Trojan is an application that compromises your computer and collects your personal financial information. Banking Trojans can use vulnerabilities in your browser’s security to change pages you visit, change the content of transactions, and insert additional transactions without you knowing it. Banking Trojans might target a variety of financial institutions, including banks, brokerages, online financial portals, or digital wallets. They might also transmit collected information to remote servers for retrieval.
4. Infostealers
Infostealers are applications that scan your computer and search for personal information like browser history, log files, usernames, passwords, email addresses, or other media files. They might exploit browser security vulnerabilities to collect their victim’s personal information from online services and forums before transmitting it to a remote server or storing it on your PC locally for retrieval.
Greynets: Spyware on corporate networks
When you’re trying to understand the potential impact of spyware on corporate networks, it’s important to first understand the concept of greynets.
Greynets are network-enabled applications that are installed on an end user’s system without the knowledge or permission of IT or (often) without the knowledge or permission of the end users themselves. They are further categorised by their evasiveness on the network, for example by how much use they make of techniques such as port agility and encryption in order to avoid detection by existing network security controls.
Challenges associated with information sharing occur throughout the enterprise, but greynet applications pose a unique set of challenges. For example, logging and archiving can be a challenge, as can unauthorised use or circumvention by those who gain access to the network. Network security risk is also a concern.
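The categorisation described above can be sketched as a small detection routine. This is an added example, not part of the original article; the approved-application list, the threshold, the flow-record layout and the sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: applications approved by IT (hypothetical names).
APPROVED = {"chrome.exe", "outlook.exe", "teams.exe"}
# Assumption: this many distinct ports to one destination counts as port agility.
PORT_AGILITY_THRESHOLD = 3

# Constructed flow records: (host, process, destination, dest_port, encrypted)
FLOWS = [
    ("ws-014", "chrome.exe", "203.0.113.10", 443, True),
    ("ws-014", "outlook.exe", "203.0.113.25", 443, True),
    ("ws-014", "freechat.exe", "198.51.100.7", 5190, False),
    ("ws-014", "freechat.exe", "198.51.100.7", 80, False),
    ("ws-014", "freechat.exe", "198.51.100.7", 443, True),
    ("ws-022", "toolbarhelper.exe", "198.51.100.40", 8080, False),
]

def classify_greynet(flows, approved=APPROVED, threshold=PORT_AGILITY_THRESHOLD):
    """Report unapproved network applications and rate their evasiveness.

    Evasiveness is 0-2: one point for port agility (the same destination
    reached over several ports), one point for using encryption.
    """
    ports = defaultdict(lambda: defaultdict(set))  # (host, proc) -> dst -> ports
    encrypted = defaultdict(bool)
    for host, proc, dst, dport, tls in flows:
        if proc.lower() in approved:
            continue  # sanctioned application, not a greynet candidate
        key = (host, proc)
        ports[key][dst].add(dport)
        encrypted[key] = encrypted[key] or tls

    report = {}
    for key, per_dst in ports.items():
        agile = any(len(p) >= threshold for p in per_dst.values())
        report[key] = {
            "port_agile": agile,
            "encrypted": encrypted[key],
            "evasiveness": int(agile) + int(encrypted[key]),
        }
    return report

if __name__ == "__main__":
    for (host, proc), result in classify_greynet(FLOWS).items():
        print(host, proc, result)
```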
Signs of a spyware-infected device
The following are some of the most common symptoms that can help you identify a spyware attack:
- You start a Web search, and instead of taking you to the desired destination, it takes you to an unexpected location.
- Pop-ups keep appearing on your screen even when you are not browsing the internet.
- Your browser settings change unexpectedly to an untrustworthy website without your consent.
- Mysterious new toolbars appear in your browser.
- An antivirus scan runs on its own, although you have not purchased it.
- Your computer performance suddenly slows down when you are browsing the internet.
If you happen to experience any of the above symptoms on your computer or devices, you may be under a spyware attack!
Spyware and virus attacks typically affect end users in a variety of ways.
According to a white paper published by FaceTime Communication, IT managers at large organisations report an average of 277 spyware or adware attempts or installations per month. The infection rate is correlated with company size, almost doubling at the largest organisations compared with all companies (152 average per month). Put another way, the more computers on the network, the more potential vectors for infection with spyware.
Spyware in mobile devices
Spyware can hide in your mobile device’s background and steal information such as incoming/outgoing SMS messages, incoming/outgoing call logs, contact lists, emails, browser history and photos. The spyware can send your stolen information via data transfer to a remote server or email.
Spyware on a mobile device can also potentially log your keystrokes, record anything within the distance of your device’s microphone, secretly take pictures in the background, and track your device’s location using GPS. Spyware apps can sometimes control devices via commands sent by SMS messages or remote servers.
3 of the most common Spyware breaches in mobile devices
1. Unsecured public wifi connection
When you’re in a public place using an unsecured wi-fi network to access the Internet, your activities could be monitored by criminals. Pay attention to the warning messages on your device about its inability to verify the identity of the server, and do not proceed unless you trust that it’s a legitimate connection.
2. Malicious applications
Malicious apps can hide inside legitimate-looking applications, especially those downloaded from third-party sources like websites and messages. Always look at the warning messages when installing apps and avoid giving third-party applications access to your personal information.
3. Out-of-date app / Flaws in operating system
Operating system flaws may allow attackers to infect your mobile device. Smartphone manufacturers frequently release operating system updates to protect users, which is why you should update your mobile device and its applications to the latest version before hackers try to infect out-of-date devices.
How to get protected from Spyware?
Like other malware, the best defence against spyware is having a good awareness of your own cyber security. Here are some basic steps that can help you upgrade your cyber-defence:
- Avoid opening emails from unknown senders, and unexpected items from your acquaintances.
- Only download files from a trusted source.
- You can keep your system safer by using a reputable cybersecurity program to counter advanced spyware. Good security software usually includes real-time protection features.
- Always mouse over links before clicking. Ensure the URL address is correct and that you are directed to the right webpage.