What is Spyware?
Spyware is malicious software that enters a user’s computer, gathers data from the device and user, and sends it to third parties without their consent. A commonly accepted spyware definition is a strain of malware designed to access and damage a device without the user’s consent.
Spyware collects personal and sensitive information that it sends to advertisers, data collection firms, or malicious actors for a profit. Attackers use it to track, steal, and sell user data, such as internet usage, credit card, and bank account details, or steal user credentials to spoof their identities.
Spyware is one of the most commonly used cyberattack methods. It can be difficult for users and businesses to identify and can do serious harm to networks. It also leaves businesses vulnerable to data breaches and data misuse, often affects device and network performance, and slows down user activity.
The term "spyware" first emerged in online discussions in the 1990s, but only in the early 2000s did cybersecurity firms use it to describe unwanted software that spied on user and computer activity. The first anti-spyware software was released in June 2000. Four years later, scans showed that around 80% of internet users had their systems affected by spyware, according to research by America Online and the National Cyber Security Alliance. However, 89% of users were unaware of the spyware’s existence and 95% had not granted permission for it to be installed.
Types of Spyware
Attackers use various types of spyware to infect users’ computers and devices. Each spyware variety gathers data for the attacker, with the lesser types monitoring and sending data to a third party. But more advanced and dangerous spyware types will also make modifications to a user’s system that result in the user being exposed to further threats.
Some of the most commonly used types of spyware include:
- Adware: This sits on a device and monitors users’ activity then sells their data to advertisers and malicious actors or serves up malicious ads.
- Infostealer: This is a type of spyware that collects information from devices. It scans them for specific data and instant messaging conversations.
- Keyloggers: Also known as keystroke loggers, keyloggers are a type of infostealer spyware. They record the keystrokes that a user makes on their infected device, then save the data into an encrypted log file. This spyware method collects all of the information that the user types into their devices, such as email data, passwords, text messages, and usernames.
- Rootkits: These enable attackers to deeply infiltrate devices by exploiting security vulnerabilities or logging into machines as an administrator. Rootkits are often difficult and even impossible to detect.
- Red Shell: This spyware installs itself onto a device while a user is installing specific PC games, then tracks their online activity. It is generally used by developers to enhance their games and improve their marketing campaigns.
- System monitors: These also track user activity on their computer, capturing information like emails sent, social media and other sites visited, and keystrokes.
- Tracking cookies: Tracking cookies are dropped onto a device by a website and then used to follow the user’s online activity.
- Trojan Horse Virus: This brand of spyware enters a device through Trojan malware, which is responsible for delivering the spyware program.
Most spyware targets Windows computers and laptops, but attackers are increasingly targeting other forms of devices.
- Apple device spyware: Malware targeting Apple devices, particularly its Mac computers, has increased rapidly in the last few years. Mac spyware is similar in behavior to spyware targeting Windows operating systems but is typically of the password-stealing or backdoor type. It frequently sees the attacker attempt attacks such as keylogging, password phishing, remote code execution, and screen captures.
- Mobile spyware: Spyware targeting mobile devices steals data such as call logs, browser history, contact lists, photos, and short message service (SMS) messages. Certain types will log user keystrokes, record using the device’s microphone, take photos, and track location using Global Positioning System (GPS) trackers. Others take control of devices through commands sent from SMS messages, data transfers, and remote servers. Hackers can also use mobile spyware to breach an organization through mobile device vulnerabilities, which may not be detected by the security team.
What Does Spyware Do?
All types of spyware sit on a user’s device and spy on their activity, the sites they visit, and the data they amass or share. They do this with the objective of monitoring user activity, tracking login and password details, and detecting sensitive data.
Other spyware strains are also capable of installing further software on the user’s device, which enables the attacker to make changes to the device. But spyware typically follows a three-step process from being installed on a device to sending or selling the information it has stolen.
- Step 1—Infiltrate: Spyware is installed onto a device through the use of an application installation package, a malicious website, or as a file attachment.
- Step 2—Monitor and capture: Once installed, the spyware gets to work following the user around the internet, capturing the data they use, and stealing their credentials, login information, and passwords. It does this through screen captures, keystroke technology, and tracking codes.
- Step 3—Send or sell: With data and information captured, the attacker will either use the data amassed or sell it to a third party. If they use the data, they could take the user credentials to spoof their identity or use them as part of a larger cyberattack on a business. If they sell, they could trade the data for a profit with data organizations or other hackers, or put it on the dark web.
Through this process, the attacker can collect and sell highly sensitive information, such as the user’s email addresses and passwords, internet usage information and browsing habits, financial details, and account personal identification number (PIN) codes.
How Spyware Attacks Your System
Attackers carefully disguise spyware to infiltrate and infect devices without being discovered. They do this by obscuring the malicious files within regular downloads and websites, which encourages users to open them, often without realizing it. The malware will sit alongside trusted programs and websites through code vulnerabilities or in custom-made fraudulent applications and websites.
One common method for delivering spyware is bundleware. This is a bundle of software packages that attaches itself to other programs that a user downloaded or installed. As a result, it will install without the user knowing about it. Other bundleware packages force the user to agree to download a full software bundle, with no idea that they have voluntarily infected their device. Spyware can also infiltrate a computer through the same routes as other forms of malware, such as compromised or spoofed websites and malicious email attachments.
Mobile spyware typically attacks mobile devices through three methods:
- Flaws in operating systems: Attackers can exploit flaws in mobile operating systems that are typically opened up by holes in updates.
- Malicious applications: These typically lurk within legitimate applications that users download from websites rather than app stores.
- Unsecured free Wi-Fi networks: Wi-Fi networks in public places like airports and cafes are often free and simple to sign in to, which makes them a serious security risk. Attackers can use these networks to spy on what connected users are doing.
Problems Caused by Spyware
The effects of spyware are wide-ranging. Some could go unseen, with users not knowing they have been affected for months or even years. Others might just cause an inconvenience that users may not realize is the result of being hacked. Some forms of spyware are capable of causing reputational and financial damage.
Common problems that spyware can result in include:
- Data theft: One of the most common problems caused by spyware is data theft. Spyware is used to steal users’ personal data, which can then be sold to third-party organizations, malicious actors, or hacking groups.
- Identity fraud: If spyware harvests enough data, then it can be used for identity fraud. This sees the attacker amass data like browsing history, login credentials for email accounts, online banking, social networks, and other websites to spoof or imitate the user’s identity.
- Device damage: Some spyware will be poorly designed, which ends up having a negative effect on the computer it attaches itself to. This can end up draining system performance and eating up huge amounts of internet bandwidth, memory, and processing power. Even worse, spyware can cause operating systems to crash, disable internet security software, and make computers overheat, which can cause permanent damage to the computer.
- Browsing disruption: Some spyware can take control of the user’s search engine to serve up harmful, fraudulent, or unwanted websites. They can also change homepages and alter computer settings, as well as repeatedly push pop-up ads.
How do I Get Spyware?
Spyware can increasingly affect any device, from computers and laptops to mobile phones and tablets. Devices that run Windows operating systems are typically the most susceptible to an attack, but cyber criminals are increasingly devising methods that afflict Apple and mobile devices.
Some of the most prominent causes of spyware infiltrating a device or system include:
- Misleading marketing: Spyware authors will often disguise their malicious software as a legitimate tool, such as a hard disk cleaner, download manager, or new web browser.
- Phishing or spoofing: Phishing occurs when an attacker encourages a recipient to click on a malicious link or attachment in an email, then steals their credentials. Attackers often use spoofed websites that appear to be legitimate sites and steal users’ passwords and personal information.
- Security vulnerabilities: Attackers often target code and hardware vulnerabilities to gain unauthorized access to devices and systems and plant their spyware.
- Software bundles: Bundleware sees users unknowingly install spyware within a bundle of software they believe to be legitimate.
- Trojans: A Trojan is a type of malware that pretends to be another piece of software. Cyber criminals use Trojans as a method for delivering malware strains, such as spyware, cryptojackers, and viruses, onto devices.
A device can also become infected with spyware as a result of a user’s actions, such as:
- Accepting cookie consent requests from insecure websites
- Accepting pop-ups from untrusted sites
- Clicking on malicious links
- Opening malicious attachments
- Downloading games, movies, or music from pirated or spoofed websites
- Downloading malicious mobile apps
How to Tell if You Have Spyware
Despite spyware being designed to go undetected, there are several telltale signs that could be indicators of a device being infiltrated. These include:
- Negative hardware performance, such as:
  - A device running slower than usual
  - Devices suffering frequent crashes and freezes
- A drop in application or browser performance, such as:
  - Pop-up ads repeatedly appearing in browsers
  - Unusual error messages
  - Unexpected browser changes
  - New icons appearing in the taskbar
  - Browser searches redirecting to new search engines
Note that these symptoms are also indicative of the presence of other malware, not just spyware, so it is important to dig deeper into issues and scan devices to discover the root of the problem.
If a device is showing signs of spyware, then it is important to get the device and any connected systems cleaned up and protected again. The removal of spyware is possible through solutions that can identify and remove malicious files.
The first step in removing spyware is to ensure the system is cleared of infection. This will prevent new password changes and future logins from also being stolen. It is also important to purchase robust cybersecurity software that offers comprehensive spyware removal, deep cleans devices affected by spyware, and repairs any files or systems that may have been infected.
With the system cleaned up, financial services need to be advised that potentially fraudulent activity has occurred that could affect bank accounts and credit cards. If the spyware has affected an organization, then legal and regulatory violations need to be reported to the appropriate law enforcement agency.
Spyware and other malicious attack methods are a constant threat to any device connected to the internet. Therefore, the first line of defense against spyware is to deploy an internet security solution that includes proactive anti-malware and antivirus detection. In addition, tools like antispam filters, cloud-based detection, and virtual encrypted keyboards are useful to eliminate potentially malicious risks.
Some spyware types are also able to install software and modify the settings on a user’s device. This means it is also vital for users to use secure passwords, not recycle their credentials on multiple applications and websites, and use processes like multi-factor authentication (MFA) to keep their identity secure and their devices updated.
In addition to software, there are several steps that can be taken to protect devices and systems:
- Cookie consent: It can be easy for users to simply click "accept" on the cookie consent pop-ups that appear on nearly every website they visit. However, they need to be careful about issuing their consent every time and only accept cookies from websites they trust.
- Browser extensions: Users can also install anti-tracking extensions that prevent the relentless online tracking of their activity on web browsers. These extensions can block activity tracking by both reputable sources and malicious actors, keeping users’ data private when they access the internet.
- Security updates: Updating software with the latest versions is vital to preventing spyware and other types of malware. Spyware typically makes its way onto devices through gaps in code or vulnerabilities in operating systems. So it is important to constantly patch potential issues and fix vulnerabilities immediately.
- Avoid free software: It can be appealing to download free software, but doing so can have costly ramifications for users and their organizations. The free software may be insecure and the creator can make a profit from users’ data.
- Use secure networks: Unsecured Wi-Fi networks are an easy resource for hackers to breach devices. Avoid using free Wi-Fi networks, and only connect to trusted, secure networks.
- Best practice and behavior: Practicing good cybersecurity behavior is crucial to avoiding spyware. All users need to be aware of the security risks they face, avoid opening emails or downloading files from people they do not know, and make it a habit to hover over links to check if they are reputable before clicking on them.
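The habit of hovering over links to check where they lead, and the spoofed-site phishing described earlier, can be checked automatically on HTML mail or page content. The following Python is an added example, not part of the original article: it flags links whose visible text names one domain while the href targets another, or whose target is a bare IP address. The function names and the sample message are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Text that looks like a domain name inside the visible part of a link.
DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def host_of(url):
    return (urlsplit(url).hostname or "").lower()  # '' when the URL has no host

def same_site(a, b):
    # Equal hosts, or one is a subdomain of the other (www.x.test vs x.test).
    return a == b or a.endswith("." + b) or b.endswith("." + a)

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []                    # (visible text, target host, reasons)
        self._href, self._text = None, []     # state for the <a> being read

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        text, target = "".join(self._text).strip(), host_of(self._href)
        shown, reasons = DOMAIN_RE.search(text), []
        if shown and target and not same_site(shown.group(1).lower(), target):
            reasons.append("displayed domain differs from target")
        if re.fullmatch(r"[\d.]+", target):   # IPv4 literal instead of a name
            reasons.append("target is a raw IP address")
        if reasons:
            self.findings.append((text, target, reasons))
        self._href = None

def audit_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.findings

# Constructed sample message body; all hosts use reserved test names/addresses.
SAMPLE = """
<a href="https://www.example-bank.test/login">example-bank.test</a>
<a href="http://login.example-bank.test.unrelated.example/verify">www.example-bank.test</a>
<a href="http://192.0.2.10/setup">Download the update</a>
"""
for text, target, reasons in audit_links(SAMPLE):
    print(f"{text!r} -> {target}: {'; '.join(reasons)}")
```

The first sample link passes because the displayed name and the target belong to the same site; the second and third are reported.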
Computer and laptop users can follow steps to keep their devices secure. These include enabling and downloading pop-up blockers on their desktops and limiting allowed applications and permissions. All users should also avoid clicking links or opening attachments in all emails, even those purporting to be from trusted senders, as this is a prime delivery method for spyware and other malicious attacks.
There are also steps that can be taken to specifically protect mobile devices from spyware. These include:
- Only download apps from the official store of the operating system, such as the Google Play Store, Apple’s App Store, and official publishers.
- Be careful about giving permission to apps that track data or location and take control of cameras or microphones.
- Avoid clicking links in emails and SMS messages. Instead, only enter trusted Uniform Resource Locators (URLs) directly into the browser address bar.
- Be aware of unexpected warning messages, especially those that cannot be verified by the server.
How Fortinet Can Help
The Fortinet FortiGuard antivirus security service helps businesses protect themselves against the risk of spyware. It reduces the likelihood of an organization suffering a data breach and proactively protects them from the latest variants of malware. The FortiGuard antivirus also reduces the damage caused by spyware and other types of malware and ensures protection is current with hourly updates.
What is Spyware?
Spyware is malicious software that infiltrates a device, gathers personal data, and sends or sells it to third parties. Spyware can also damage devices and affect their performance.
What are some examples of Spyware?
Some of the most common examples of spyware include adware, infostealers, keyloggers, rootkits, Red Shell, system monitors, tracking cookies, and Trojans.
How can you prevent Spyware?
Spyware can be prevented with antivirus solutions, anti-malware detection, and antispam filters. It can also be prevented through cybersecurity best practices like not clicking email links, being careful about cookie consent, and only downloading official software.
Does Spyware work without the Internet?
Spyware infiltrates devices that are connected to the internet. Attackers use malicious websites, software downloads, and fraudulent websites to encourage people to download spyware.