Stalkerware usage surging, despite data privacy concerns
At least 31,031 people affected last year
Stalkerware has reached "pandemic proportions," according to Kaspersky, which documented a total of 31,031 people affected by the intrusive software in 2023 – up almost six percent on the prior year.
The security shop detected 2,645 unique cases of stalkerware in Europe last year, with the three most affected countries being Germany (577), France (332) and the United Kingdom (271).
In North America, 77 percent of all instances were in the United States, according to the annual State of Stalkerware report. Of the 1,049 affected individuals, 779 were American and 250 Canadian.
Perhaps unsurprisingly, Russia (9,890), Brazil (4,186) and India (2,492) were the top three countries for stalkerware, and these three have held this dubious distinction since 2019.
In the latest annual report on the topic, Kaspersky detected 195 different stalkerware apps. The most commonly used worldwide is TrackView, with 4,049 affected users. Rounding out the top five there's Reptilic (3,089), SpyPhone (2,126), Mobile Tracker (2,099) and Cerberus (1,816).
Stalkerware is easily available and can be downloaded from the internet onto a victim's smartphone without their knowledge, enabling whomever put the surveillance app on their partner's or child's devices to spy on their victims while the software remains "invisible to the user."
Providers typically market their tools as anti-theft devices, or parental control tools – but their real-life use is "very different," according to Kaspersky. "Installed without the knowledge or consent of the person being tracked – they operate stealthily and provide a perpetrator with the means to gain control over a victim's life."
Plus, they usually don't show up in the list of installed apps on a person's device.
Depending on the particular software's capabilities, it can allow the person doing the digital stalking to monitor everything from the victim's device location, text messages, phone calls, social media chats, photos and browser history.
And unlike other insidious apps or malware installed on victims' mobile devices without their knowledge or consent, removing the stalkerware from their phone may put the target in even greater danger – especially for those in abusive relationships.
'Insidious and intrusive'
"It's so insidious and intrusive, it allows a perpetrator to have full access to whether someone's developing a safety plan to flee, contacting an agency, sharing concerns around domestic abuse, around stalking, harassment," said Emma Pickering, head of technology-facilitated abuse and economic empowerment team at Refuge, the largest domestic abuse organization in the UK.
"It allows the perpetrator to have that insight and be a step ahead of that victim-survivor," Pickering told The Register. "And that means, quite simply, that they can't leave."
Pickering recalled that she recently read a domestic homicide report where the abuser had full access to his partner's electronic devices – including home security cameras, as well as her online accounts.
"He was monitoring everything," Pickering said. "So every time she contacted an agency and made a plan to leave, he would interrupt her, so it made it impossible for her to be able to leave safely."
Ultimately, the woman died by suicide. "The only way she felt she could leave was to take her own life," Pickering said, sadly. "And that for us is the biggest concern: That inability for survivors to be able to contact agencies and safely be able to leave a relationship."
For its annual report and to calculate the number of affected users, Kaspersky aggregated threat statistics from its security network. It also commissioned Arlington Research to conduct 21,000 online interviews from more than 1,000 people in each of the UK, Germany, Spain, Serbia, Portugal, The Netherlands, Italy, France, Greece, the US, Brazil, Argentina, Chile, Peru, Colombia, Mexico, China, Singapore, Russia, India and Malaysia.
Who is stalking, and being stalked
Of these respondents, 23 percent said they had experienced some form of online stalking from someone they were dating, and 39 percent reported experiences of violence or abuse from a current or previous partner.
This includes receiving unwanted emails or messages (16 percent), being filmed or photographed without their consent (13 percent), having their location tracked (10 percent), having a partner obtain access to their social media or email without consent (10 percent) and having stalkerware installed on their device without their knowledge (7 percent).
More women (42 percent) than men (36 percent) report experiencing violence or abuse.
"Every aspect of our life is digital these days. We bank, we shop, we socialize online, governments do what they do online," said David Emm, security and data privacy expert at Kaspersky.
"As with most things, this has gone digital as well, and the technology gives abusers granular control over somebody's activities online," he told The Register. "That means granular activity over almost everything we do."
- Stalkerware slinger LetMeSpy shuts down for good after database robbery
- Miscreants leak texts and info siphoned by Android stalkerware app LetMeSpy
- US stalkerware developer fined $410,000 and ordered to modify apps so they reveal spying
- US and Europe try to tame surveillance capitalism
Also among survey respondents: 12 percent admitted to installing or setting parameters on their partner's phone, and nine percent said they pressured their partner into installing monitoring apps. In India, both of these numbers are much higher, with one-third installing spying software, and 26 percent pressuring their partners into allowing some form of tracking via their devices.
Plus, while a slight majority (54 percent) of individuals do not endorse the idea of monitoring a partner without their knowledge, that still means almost half (46 percent) are OK with it. And, according to the report, the number of individuals who say monitoring a partner without their knowledge is never acceptable has declined over the years – falling from 70 percent in 2021 to 54 percent this year.
Meanwhile, 42 percent of Britons answered that cyber stalking of partners without consent is acceptable. And more than half (52 percent) of UK adults polled admitted to giving their partners full access to phones. They also share passwords to streaming services (76 percent), which can reveal geolocation, provide access to photos (75 percent), contact lists (70 percent), and even security devices (67 percent), such as video doorbells and cameras.
Normalize monitoring
Younger people have grown up around technology, "learning to swipe before they learn to crawl across the floor," Emm lamented.
They are used to sharing a ton of personal information online, via social media, online gaming and websites that track their location and other data. Some have even grown up with monitoring apps, giving their parents full access to their whereabouts and/or the ability to watch or listen in on their activities.
Despite being tech-savvy and knowing how to navigate devices, however, they don't necessarily know how to avoid harmful content online or consider the privacy tradeoffs of their digital behavior.
"There's something to be said around the normalization – especially with the younger generation – of sharing passwords, sharing account information, sharing devices," Pickering observed. "As we see that more normalized, we will probably see more of a push for stalkerware." ®