Monday, 18 October 2021 15:49

Cyberstalking and Stalkerware: Kaspersky's 2020 Report


The 2020 "State of Stalkerware" report updates the data on the cyberstalking and stalkerware phenomenon. This detailed report was produced by Kaspersky in tandem with the Coalition Against Stalkerware. According to the report, published by one of the major producers of cybersecurity software, there were 6,459 victims of stalkerware in Europe in 2020, with Germany, Italy and the United Kingdom among the most affected countries. Globally, the countries most affected in 2020 were Russia, Brazil and the United States.

Last year, 53,870 users were attacked worldwide on mobile devices. Please note that these 53,870 are only Kaspersky users. The overall number of stalkerware victims is certainly much higher, although not known at the moment, considering that many people use other security products on their devices while not protecting themselves enough against this particular phenomenon. The most used stalkerware sample turns out to be Nidb: it is used to sell a whole series of stalkerware products such as iSpyoo, TheTruthSpy and Copy9. In 2020, it affected over 8,100 users worldwide.

Data released by Kaspersky shows that the stalkerware phenomenon diminished in 2020 compared to the previous year, but not enough to call the alarm over. On the contrary, spy software used for cyberstalking is becoming a further form of violence that is increasingly common and widespread, used to control, persecute and harm a partner by targeting mobile devices.

Cyberstalking and Stalkerware: the highlights of Kaspersky's 2020 Report

Let's start by comparing the data for 2020 and 2019. In 2019, 67,500 stalkerware victims were registered worldwide. In 2020, a total of 53,870 users were affected. There has been an improvement in the fight against cyberstalking, but the numbers remain high. For reference, in 2018 the registered cases were 40,173. Non-profit organizations from the Coalition Against Stalkerware are finding an increasing number of victims asking for help to solve the problem.

Usually, stalkerware tools are more frequent on Android devices than on iPhones. The risks, though, go far beyond the virtual sphere, as they can have effects in the real world: stalkerware can facilitate harassment, intimate surveillance of the partner, abuse, stalking and violence.

In the context of domestic violence and abusive relationships, stalkerware is used as an additional tool to control the partner the stalker lives with, and it can be difficult if not impossible for the victim to deny the violent partner access to their phone. In Europe, 7 out of 10 women victims of cyberstalking have also experienced at least one form of physical or sexual violence by their partner.

Stalkerware: what it is, how it works, and what the victim risks

Stalkerware is software that makes it possible to remotely spy on another person's life via a mobile device (smartphone, tablet), without the victim noticing anything or giving their consent. It is, to all intents and purposes, an instrument of violence in the hands of stalkers and malicious people.

This kind of spy software is commercially available to anyone browsing the Internet. It can work incognito, in stealth mode, without the presence of icons on the device: as a result, the victims cannot protect themselves, either online or offline. The stalker who uses this type of software has a potentially immense ability to control the 'target'.

Depending on the type of program installed, stalkerware can:

  • read everything that the controlled person types;
  • record all the data entered into the device (including credentials of banking apps, online stores, social networks, etc.);
  • view messages on any messaging system;
  • intercept, listen to and record calls;
  • find out where the victim is through geolocation, monitoring with real-time GPS;
  • watch photos and videos;
  • turn on the camera;
  • monitor the entire activity on social networks.

There is also a particular risk that the victim may run into. Sometimes, private data monitored or stolen by the stalker could become public knowledge. Hacked or unprotected stalkerware servers are the order of the day: they allow information to be consulted and disseminated on the web, damaging not only cyber-confidentiality but also people's real lives.

How the stalker can install spy software

It is not difficult to install stalkerware on the target device without the victim's knowledge: the operation takes just a few minutes. The software, however, must be configured, so the stalker must have physical access to the device in order to install the program. If the device does not have a PIN, password or unlock pattern, or if the stalker knows the victim personally, that's it. Remember, though, that you cannot get infected with stalkerware via web browsing or a spam message.

As we said earlier, stalkerware is less frequent on iPhone than on Android because iOS is a closed system. With physical access to the device, however, it is still possible to install spy software by jailbreaking. Those who plan to control a partner could also give the victim an iPhone or another device with the stalkerware already pre-installed. In 2020, Google banned from the Play Store all stalkerware apps proposed under the pretext of child monitoring or employee tracking.

How to find out if stalkerware has been installed on your phone

Usually, stalkerware is sneaky: the app icon is not visible on the home screen and the stalker can delete any trace in the smartphone menu.

You can try to find out whether spy software has been installed with the following tricks:

  • run virus scans frequently: if stalkerware is detected, do not remove it immediately, so as not to make the stalker suspicious. It is preferable to prepare a safety plan and contact a support service;
  • check if you have enabled "unknown sources", a feature that can signal the presence of unwanted software installed by third-party sources;
  • pay attention to the battery (if it discharges faster than usual) as well as the constant overheating or increased data traffic on the device;
  • check your browser history. A possible stalker, to download the spy software, must visit certain web pages that you don’t usually go on. However, the persecutor may have deleted these web pages from the browser history;
  • another important check to do is the permissions on the installed apps. The stalkerware app may be hiding behind a different name.
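
The "unknown sources", hidden-icon and permission checks above can be combined into one triage rule. This is an added example, not part of Kaspersky's report or tools; the package names, inventory fields and threshold are constructed assumptions.

```python
# Added example: triage an app inventory for stalkerware-like traits.
# INVENTORY is constructed sample data, not output from a real device.

# Capability from the article's list -> Android permission that enables it
CAPABILITY_PERMS = {
    "messages": "android.permission.READ_SMS",
    "call log": "android.permission.READ_CALL_LOG",
    "microphone": "android.permission.RECORD_AUDIO",
    "location": "android.permission.ACCESS_FINE_LOCATION",
    "camera": "android.permission.CAMERA",
    "photos/videos": "android.permission.READ_EXTERNAL_STORAGE",
}
PLAY_STORE = "com.android.vending"  # installer package name of Google Play
THRESHOLD = 3  # assumed cut-off: capabilities needed before an app is reviewed

INVENTORY = [  # hypothetical packages and field names
    {"package": "com.example.notes", "label": "Notes", "installer": PLAY_STORE,
     "launcher_icon": True, "accessibility": False, "permissions": []},
    {"package": "com.example.camera", "label": "Camera", "installer": PLAY_STORE,
     "launcher_icon": True, "accessibility": False,
     "permissions": [CAPABILITY_PERMS[c] for c in ("camera", "location", "photos/videos")]},
    {"package": "com.example.syncservice", "label": "System Update", "installer": None,
     "launcher_icon": False, "accessibility": True,
     "permissions": list(CAPABILITY_PERMS.values())},
]

def triage(inventory):
    """Return apps that combine broad surveillance capability with concealment."""
    findings = []
    for app in inventory:
        caps = [c for c, p in CAPABILITY_PERMS.items() if p in app["permissions"]]
        if app["accessibility"]:  # accessibility services can read typed text
            caps.append("keystrokes/screen")
        reasons = []
        if app["installer"] != PLAY_STORE:
            reasons.append("installed from an unknown source")
        if not app["launcher_icon"]:
            reasons.append("no icon on the home screen")
        # Many legitimate apps hold several of these permissions, so require
        # a concealment trait as well before flagging.
        if len(caps) >= THRESHOLD and reasons:
            findings.append({"package": app["package"], "label": app["label"],
                             "capabilities": caps, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in triage(INVENTORY):
        print(f["package"], f["label"], f["capabilities"], f["reasons"])
```

As with a scanner detection, a finding here is a reason to prepare a safety plan and contact a support service rather than to remove the app at once.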

Cyberstalking and Stalkerware: how to defend yourself and minimize the risks

The first thing to do, if you are unfortunately a victim of stalkerware, is to take care of your digital security.

Kaspersky gives some advice on this:

  • use a strong password on the lock screen and change it regularly;
  • never leave your phone unlocked;
  • do not reveal your password to anyone, not even to friends, family, or partners;
  • never lend your smartphone to anyone you do not trust or if you do not know what use they can make of it;
  • disable the third-party app install option on Android devices;
  • check your phone regularly: for example, delete apps you don't use and check the permissions granted to each application;
  • protect Android devices with a free security feature (Kaspersky Internet Security for Android) that can detect stalkerware and alert you.

Most used stalkerware samples

In Kaspersky's 2020 "State of Stalkerware" Report, samples of the most popular stalkerware used to control mobile devices are analysed in a special section.

According to the statistics related to the users of the cybersecurity company, here are the 10 most used samples in 2020 with the number of affected users:

  • AndroidOS.Nidb.a: 8,147
  • AndroidOS.Cerberus.s: 5,429
  • 2,727
  • AndroidOS.Anlost.a: 2,234
  • AndroidOS.MobileTracker.c: 2,161
  • AndroidOS.PhoneSpy.b: 1,774
  • AndroidOS.Agent.hb: 1,463
  • AndroidOS.Cerberus.a: 1,310
  • AndroidOS.Reptilic.a: 1,302
  • AndroidOS.SecretCam.a: 1,124

The countries most affected: European and world ranking

The global phenomenon of stalkerware affects countries regardless of size, culture or society. Compared to 2019, in 2020 Russia remains at the top of the ranking, while activity increases in Brazil and the USA. Cases of stalkerware are also increasing in Mexico, while they are decreasing in India.

Here are the top 10 countries most affected by stalkerware in 2020 worldwide with their number of users:

  • Russian Federation: 12,389
  • Brazil: 6,523
  • United States of America: 4,745
  • India: 4,627
  • Mexico: 1,570
  • Germany: 1,547
  • Iran: 1,345
  • Italy: 1,144
  • UK: 1,009
  • Saudi Arabia: 968

Let's find out the ranking of the most affected European countries in 2020:

  • Germany: 1,547
  • Italy: 1,144
  • UK: 1,009
  • France: 904
  • Spain: 873
  • Poland: 444
  • Netherlands: 321
  • Romania: 222
  • Belgium: 180
  • Austria: 153

Kaspersky's contribution to the fight against cyberstalking and the activity of Coalition Against Stalkerware

Kaspersky is actively working with partners to declare war on stalkerware. In 2019, the company created a special alert that notifies users of the presence of stalkerware on their device. Subsequently, Kaspersky was one of the ten founding members of the Coalition Against Stalkerware, publishing, the same year, the first comprehensive report to investigate the phenomenon. In 2020, they produced TinyCheck, a free tool that detects stalkerware on mobile devices, aimed primarily at service organizations working with victims of domestic violence. Since 2021, Kaspersky has been part (together with five other partners) of DeStalk, a European project (supported by the Commission with the Rights, Equality and Citizenship program) aimed at fighting cyberviolence and gender stalkerware.

DeStalk: the new anti-stalkerware e-learning course

In Europe, 7 out of 10 women victims of cyberstalking have also experienced at least one form of physical or sexual violence by their partner. One in 10 women experiences cyber violence as early as the age of 15. These data are enough to understand that Cyberstalking and Stalkerware are an integral part of a phenomenon to be fought and blocked at all costs through information and knowledge. The cybersecurity community, research and civil society organizations, and government authorities have joined forces and expertise to create a new online training course to provide knowledge and strategies against digital forms of gender-based violence. This training course is called DeStalk, a multilingual e-learning course aimed at public officials of regional authorities, operators of victim support services and programs to prevent gender-based violence online. It offers knowledge on the topic of cyberviolence and skills to better deal with it.

Francesco Ciano – ANCDV Advisory Board member

© all rights reserved
