Full Report
Cyberthreats like ransomware, phishing and fraud can be creepy and unsettling. But far more creepy—and potentially dangerous—is the growing use of stalkerware. Learn what stalkerware is and its dangers in this blog.
Analysis Summary
# Main Topic
The growing and potentially dangerous use of **Stalkerware**, a type of malware or application used to monitor a victim's mobile device activity without their knowledge, primarily by abusive spouses and partners.
## Key Points
- Stalkerware monitors all activity on the victim’s mobile device, including communications and location data.
- Installation typically requires the attacker (stalker) to have physical access to the device and access to passwords.
- It is often deployed illegally by abusive partners, even though it is frequently marketed publicly as legitimate parental-monitoring software.
- An infected device may show signs of stalkerware, as detailed by the US Federal Trade Commission (FTC) and the National Network to End Domestic Violence (NNEDV).
## Threat Actors
- Primarily **abusive spouses and partners**, who use the tools illegally for monitoring and control.
- No specific named threat groups or APTs are listed in relation to this general overview.
## TTPs
- **Installation Method:** Requires physical access to the victim's mobile device, along with access to its passwords.
- **Concealment:** Stalkerware applications are either designed to be invisible or are disguised as innocuous applications on the device.
- **Monitoring:** Surreptitious collection of data (communications, location, general usage).
## Affected Systems
- **Mobile Devices:** Primarily phones and tablets targeted by stalkerware.
- **Operating Systems:** Android and iPhone users are specifically mentioned as potential targets in reference material cited in the article.
## Mitigations
- **Detection:** Look for specific signs indicated by resources from the FTC and NNEDV.
- **Action with Caution:** Victims are warned against immediately uninstalling the app, as deletion may notify the stalker/abuser, leading to unpredictable reactions.
- **Safety Planning:** Victims are advised to contact the National Domestic Violence Hotline for help creating an escape plan if stalkerware is confirmed.
- **Secure Browsing:** When researching detection or support, victims should use a public computer or a trusted friend’s device, not the potentially compromised device.
- **External Resources:** Coalition Against Stalkerware is recommended for further advice and support globally.
## Conclusion
Stalkerware represents a critical threat that moves beyond typical cybercrime into the realm of personal endangerment, often facilitated by abusers leveraging tools marketed deceptively. The highest priority for potential victims must be ensuring personal safety before attempting technical remediation. Users should immediately consult domestic violence resources if they suspect they are a target of stalkerware installed by a partner.