As rates of domestic violence have increased during lockdown, Avast Threat Labs finds that digital threats to personal privacy and security have also risen.
In the US, since March 2020, there has been a 51% increase in the use of spy-and-stalkerware. Stalkerware is unethical software that enables people to access other people’s personal texts, emails, files, photos, and messaging apps. It can also track a user’s location, eavesdrop on phone calls, and even record conversations over the internet, all without the knowledge of the target.
What’s the threat?
While spyware and infostealers seek to steal personal data, stalkerware is different: it steals the physical and online freedom of the victim.
During lockdown, there is more opportunity for someone to access a potential victim’s personal phone, laptop, and tablet and install the stalkerware.
Stalkerware is often installed secretly on mobile phones by abusive spouses, ex-partners, so-called friends, and even concerned parents. It has been used to go beyond tracking the physical location of the victim, often also monitoring sites visited on the internet and personal communications, and therefore deliberately undermining a person’s individual liberty and online freedom.
How widespread is stalkware?
Since March, Avast has protected over 3,500 US users from apps capable of spying — mostly stalkerware — with the monthly average up 62% versus the first two months of the year.
This increase in spy and stalkerware is not just limited to the US; in the same period Avast has protected over 43,000 users from such malware across the globe. Country specific data indicates 3,531 users have been targeted in the United States, 3,332 in India, and 3,048 in Brazil.
How to keep your privacy protected
In order to mitigate against the threat of stalkerware, you can take these simple steps:
Tip #1: Secure your device against unauthorised physical access.
Smartphones are often left unprotected by their users. Over a quarter of mobile users have no lock-screen protection on their smartphones whatsoever, and just over half use neither thumbprints nor PIN codes to keep their devices private. This makes it simple for someone to secretly install stalkerware without being noticed. Similarly, do not lend your unlocked phone to anyone unless you fully trust their intentions. It can take less than a minute to install a stalkerware app.
Tip #2: Take control of all your passwords.
If you suspect your device or any accounts have been compromised, change every password on every important account you have. While doing so, enabling two-factor identification will require all account activity and logins to request further consent from a user via a mobile device. This will greatly help protect individual accounts. Many of us have one or two central accounts, such as an email address, which act as a hub for other accounts and password recovery. By taking back control of your passwords and accounts, you can start to take back control of your privacy and security.
Tip #3: Install a reliable antivirus product on your mobile phone.
A good mobile antivirus will treat stalkerware as a potentially unwanted program (PUP) which will then give you an option to remove it. An extra layer of protection provided by a mobile security product such as Avast Mobile Security will keep your mobile device secure from stalkerware in addition to other malware and potentially malicious apps. A little extra security goes a long way to restoring your peace of mind.
Some threats can be prevented if you take action, especially those that can affect your digital lives. But for those of you who are concerned for your wellbeing beyond the digital realm, trust your gut and seek help. Operation Safe Escape is a victim support organization that provides valuable support and education for victims of domestic violence and abuse, and can help with issues of personal, physical, and digital safety.
If it’s possible your device has been compromised by stalkerware, avoid using it to contact support. If you are able, use an anonymous device such as a library computer or a friend’s phone to ensure you avoid alerting the stalker.
Avast is committed to doing all that is possible to protect users from this rising threat. To get more information on the latest scams and discoveries — and how to stay safe online in the time of COVID-19, visit coronascam.org.