Spyware is a type of malware, also known as malicious software, that is installed onto a victim’s device without them knowing. When spyware is installed it can spy on the victim and gather sensitive information such as passwords and credit card numbers, and then send that information to a cybercriminal to use for their own malicious purpose.
How Does Spyware Work?
Spyware collects information from the victim’s device and transmits it to the cybercriminal using the device’s internet connection. Depending on the type of spyware, it could conduct different attacks. Actions that spyware are capable of include recording the victim’s keystrokes, accessing the device’s camera and microphone to watch and listen to the victim, or recording the victim’s browsing history.
Once the cybercriminal gets the victim’s data, they will use it for malicious purposes. They may sell it on the dark web to other cybercriminals who use the data to take over your accounts, steal money or commit identity theft. Other types of spyware are used for political purposes – collecting intelligence that can be used by a government or political organizations to strategize in conflict.
Because spyware takes up space and energy on your computer, an infected device may experience performance issues, such as slow speed, low battery life and glitchy applications.
Types of Spyware
| Keyloggers A keylogger is a type of malicious software that gets installed onto a victim’s device and logs every keystroke that the victim makes. Examples include Advanced Keylogger and Go Keyboard. One major use case for this type of malware is to steal credentials. For example, a victim could be logging in to one of their accounts and manually typing in their password. If there is keylogging software installed, the cybercriminal will be able to know what their login credentials are because they have the ability to track their keystrokes. |
 |
 |
Adware Adware, short for advertising-supported software, is malicious software that is secretly installed onto your device and displays unwanted pop-ups and advertisements. Depending on the type of adware installed onto a victim’s device, it can also sometimes track online activity and display personalized advertisements. Clicking on adware may redirect you to an unsafe site, trigger malware infections or even install additional programs onto your device. |
| Government-grade spyware Government-grade spyware, like Pegasus, is an advanced cybersecurity product developed by legal security and defense companies. It is sold with the intent of fighting crime or terrorism, however is often abused and used for malicious purposes. It’s similar to stalkerware in that it has multiple capabilities, like reading texts, recording phone calls, collecting keystrokes and location tracking. |
 |
 |
Stalkerware Stalkerware, such as FinSpy, is surveillance software used to engage in illegal cyberstalking. With multiple surveillance abilities, stalkerware often goes beyond keylogging. This software can often access a device’s camera and microphone or take screenshots of what the user is doing. |
How Devices Get Infected With Spyware
| Trojans Trojans, also called trojan horses, are a type of malware that is hidden in email attachments or downloaded from websites. The victim thinks they are downloading a particular app or file and doesn’t realize that trojan malware is hidden in the download file. When trojans are downloaded onto your device they do whatever the cybercriminal has engineered them to do, which can include spying on you. Downloads on torrent sites or other unofficial sources are more likely to have trojan malware hidden inside. |
Downloading an app from an untrusted source Installing apps from untrusted sources can lead to your device becoming infected with spyware. When you download an app from an untrusted source, it's difficult to tell if the app you're downloading is legitimate because it hasn't been verified by a legitimate app store like the Apple App Store or the Google Play store. Unverified downloads can contain trojans or could be malware without the desired file included at all. |
| Clicking on a malicious link A malicious link is a link that does not redirect you to a legitimate site. Oftentimes, malicious links are hidden behind a legitimate-looking link, but upon close inspection, you’ll notice that the actual website address is slightly incorrect. For example, a cybercriminal can make a link look like it’s taking you to Facebook.com, but hovering your mouse over the link will reveal that it’s actually taking you to a website address that says “Faceb0ok.com” with a zero instead of an “O.” Clicking on a malicious link may redirect you to a spoofed site or trigger a malware infection, such as spyware. |
Spoofed sites A spoofed site is an illegitimate website pretending to be a real, popular website. A fake link in an ad or email could lead to a spoofed site. For example, a cybercriminal could set up a fake site that looks exactly like the official App Store and link to it in a fake Apple ad. Because the website looks official, the victim may trust that the downloads are safe. However, the spoofed site will contain unsafe downloads with malware. |
| Phishing Phishing is a cyber attack that uses social engineering tactics to convince a targeted victim to reveal sensitive information or perform certain actions. For example, a phishing email sent to a victim may prompt them to click on a link or attachment. When the victim clicks, they may trigger a malware infection that installs spyware onto their device. |
Someone installing it on a victim’s device If someone wants to target a particular victim specifically, they can secretly install spyware on their device. This can be done manually or through a WiFi network. Someone who does this may have personal reasons for attempting to cyberstalk the victim, could have political motivations or be targeting a victim for identity theft. |