Handle with care: How to deal with stalkerware and cyberstalking

What cyberstalking is, why it is dangerous, how to detect it and what to do if someone is stalking you

“My ex-boyfriend David knew where I was at all times, who I was talking to on email, text messages, social media – all of it. He could see everything. I had no privacy,” says Anna (not her real name), an MIT Technology Review interviewee.
Anna started to suspect that David was stalking her just two months after they met: “He made a comment about something I’d only shared privately, in Facebook Messenger, with a relative. After that, I realized he was tracking everything. I didn’t even know it was possible.”
As it turned out that David had covertly installed a stalkerware app on Anna's phone. She lived under his constant surveillance for about two years until she escaped, fearing for her life.

What is cyberstalking?


Unfortunately, Anna's story is a textbook example of cyberstalking, or repeated and unwanted surveillance over someone’s life. Modern means of communication provide stalkers with almost limitless opportunities to spy on their victims. Specialized stalkerware can track a person's movements with GPS, monitor their social network activity, their calls, their messages, their photographs, and any other actions on their phone. These programs run hidden in the background, leaving the victim oblivious to their presence. Unfortunately, it is fairly easy to install a stalkerware tool on a victim's phone secretly.

Stalkerware is a term used for legal, commercial surveillance programs that allow covert monitoring and intrusion into a person’s private life.

Smartphone in hand

According to experts from NGOs that help domestic abuse victims, cyberstalking is also a form of violence. Just as with physical, psychological, and economic violence, an abuser can use surveillance to obtain complete control of their victim and stay in charge of the situation.

How the cybersecurity industry declared war on cyberstalking


Eva Galperin, head of information security at the non-profit Electronic Frontier Foundation (EFF), had been working in the field of privacy protection in cyberspace for a few years when she suddenly found out that her fellow investigator was a serial rapist. The saddest thing was that his victims had kept silent, fearing he might destroy their lives. The fact that the abuser was also a hacker made them completely powerless.

Eventually, the story became public knowledge. The colleague was banished from the company in disgrace. Galperin declared a personal war against stalkerware and even posted a call to action on Twitter. She offered personal help to anybody who has suffered from cyberstalking or suspects someone is spying on them. She pledged to conduct an investigation on their behalf and find out if they are indeed being followed. She immediately received around 9,000 retweets and hundreds of responses from victims. Among them were women who had survived a painful divorce or even had their children abducted, girls whose exes were spying on them, and gay men being followed by their conservative parents.

This revealed the actual scale of the issue. So Galperin raised the subject of combating cyberstalking at an annual event that brought together anti-malware vendors.

How we started warning about stalkerware


Kaspersky was one of the first companies to support Galperin. In 2019, we replaced the default threat alert for Android mobile device users with a more detailed warning about installed stalkerware tools.

“The current alert issued by our antivirus solution, Kaspersky Internet Security, provides a detailed overview of data that the detected program can transmit to a third person,” says Kristina Shingareva, Head of External Relations at Kaspersky. “We view this update as a possible, if partial, solution to the problem. Considering that stalkerware is legal and affordable in many countries, it is up to the user to make the call about removing or blocking it.

In most cases, stalkers install these tools on their victims' phones covertly, so detection is critical – as well as immediately alerting the user to the threat. It is equally important to explain what makes stalkerware so dangerous for the victim to realize the grave reality of the problem they are facing. They must be in no doubt that the notification deserves their attention, and they need to take action.”

Kristina Shingareva discussed the problem of stalkerware legality with her colleagues in the Kaspersky Transatlantic Cable podcast. The discussion shed light on the fact that, apart from abusive partners, stalkerware is also used by companies that want to make sure their employees do not procrastinate during business hours.

warning about installed stalkerware tools
Notifying users about stalkerware installed: before and after the Privacy Alert

What about iPhone users?


Stalkerware tools are less frequent on iPhones than on Android devices because iOS is traditionally a closed system. However, criminals can work around this limitation on jailbroken iPhones. They still need physical access to the phone to jailbreak it, so iPhone users who fear surveillance should always keep an eye on their device.

Alternatively, an abuser can offer their victim an iPhone with pre-installed stalkerware as a gift. There are many companies who make their services available via the internet to install such tools on a new phone and deliver it to an unwitting addressee in factory packaging to celebrate a special occasion.

It is often possible to remove basic stalkerware tools simply by resetting your device and updating to a later operating system version. So, it is a good idea to check if your iPhone has received another software update. You can also find utility tools on the internet to check if your phone has been jailbroken.

Smarthone in hands

The scale of the issue


According to Kaspersky, a total of 53,870 mobile users were affected by stalkerware worldwide in 2020, compared to 67,500 such cases in 2019. Analysts account for the decrease in the number of stalkerware installations by the COVID-19 pandemic. Lockdowns led to a reduction in demand for tools that enable abusers to control their partners remotely, keeping victims in close quarters with their tormentors, who could control them better than before. The leading countries for stalkerware use are still Russia, Brazil, the U.S., and India.

Top 10 countries most affected by stalkerware globally in 2020, according to Kaspersky

  • 1. Russian Federation: 12 389
  • 2. Brazil: 6523
  • 3. United States: 4745
  • 4. India: 4627
  • 5. Mexico: 1570
  • 6. Germany: 1547
  • 7. Iran: 1345
  • 8. Italy: 1144
  • 9. United Kingdom: 1009
  • 10. Saudi Arabia: 968

In 2020, Russia was once again the world leader in stalkerware installations. We also observed a YOY increase in stalkerware activity in the U.S. and Brazil. India, however, had fewer incidents, sliding from second to fourth position on the list. Meanwhile, the number of installations in Mexico is on the rise, driving the country from seventh place to fifth.

7 out of 10
female cyberstalking victims

have survived at least one form of physical violence at the hands of their partner, according to a study by the European Institute for Gender Equality.

“There are two things to keep in mind. First, the statistics only cover the devices with our product installed on them, so it's only a part of the picture,” explains Kristina Shingareva. “Second, there are many users who don't use any antivirus solutions on their phones. So you can multiply this number by five or even 10 without hesitation. And this is when it gets terrifying. According to the German police, for instance, Germany had 19,000 reported cases of stalking in 2018 alone.”

The most frequently used stalkerware tool in 2019 was MobileTracker. Kaspersky Internet Security for Android detected that this application had affected 6,559 unique Android device users. The application can be hidden and run in the background as a system tool. It provides remote control of the device, determines the user's location and accesses text messages and instant messaging chats (WhatsApp, Hangouts, Skype, Facebook Messenger, Viber, Telegram, etc.). A stalker can listen in on calls, browse photos and videos in real time, and control browser history, files, calendar, and contacts.

Smarthone in hand

Why we need a coalition to combat cyberstalking


Once they had delved into the murky waters of stalkerware, Kaspersky experts discovered an abyss. The stalkerware market is oversaturated, so you can easily find a wide range of tools online. Besides, we found out that software that can hijack absolutely any data from a device also poses a considerable user data confidentiality risk. As a rule, such applications transmit data to the cloud, where it could easily get stolen. The data may include bank card details, among other things, which is another security risk.

We gradually abandoned the approach to cyberstalking as a purely technical problem and started treating it as a global social issue. To tackle the fundamental problem of stalkerware, we decided to start an initiative. In November 2019 we teamed up with nine other organizations from the IT security industry, advocacy and non-profit groups working with victims and perpetrators of domestic violence to found the Coalition Against Stalkerware. The global working group is dedicated to addressing abuse, stalking, and harassment via the creation and use of stalkerware.

The list of our fellow coalition members includes a multitude of non-profit organizations all over the world. Together, we research stalkerware and work on developing an optimal course of action for a user who has detected a surveillance tool on their phone or suspects someone is spying on them. It is critical to understand that removing the stalkerware may result in a conflict with the stalker because the latter will get a notification (we will expand on this).

One of the objectives of the CAS is to provide victims of cyberstalking and their supporters with a reliable technical tool for the airtight detection of stalkerware programs and efficient notification of users, and which offers them guidance regarding further steps. “When I say 'technical tool', I mean the installation of an antivirus product that can alert you to danger with high accuracy,” explains Kristina Shingareva. “We also plan to launch an information exchange on this class of software, improve stalkerware detection across the industry, raise public awareness, and conduct training courses and webinars on the problems of cyberstalking for employees of non-profit organizations, police officers, and regulators from all over the world.”

To prove the industry's commitment to combating this issue, Google announced a ban on advertising cyberstalking software and devices in August 2020. Since October 1, sanctions now apply to stalkerware tools available on the Play Store and Google will remove them from the marketplace.

How victim support organizations are dealing with cyberstalking


All of our partners have shown an active interest in the issue of technology-related violence. One American non-profit called NNEDV runs a specialized resource to support victims of such abuse because it frequently faces surveillance and other illegitimate use of technologies in its practice.

When victims reach out to shelters for help, their abusive partners often try to force them to return. Survivors are almost always oblivious to the surveillance, while their partners have been tracking them for a long time and know about their private life down to the tiniest detail.

According to domestic violence experts, as soon as victims learn about surveillance through a phone or tablet, their first urge is to abandon technology completely, to throw away their device, and never use the internet again. It is essential to offer support and explain that this is not an option in such a situation. You have suffered enough as it is. And this is another crime against the individual — a blatant violation of privacy and the right to cyberspace. Specialists even refrain from using the word “victim”. They call these people “survivors” to offer some positive reinforcement and gradually help them regain trust in themselves again, restore their boundaries and keep using phones and the internet in a safe way. Besides, not all of those seeking help at support organizations are women – men reach out for help too.

Girl looks at the smartphine screen

Is cyberstalking legal?


Our fellow coalition members believe that one way to combat illegal surveillance is by explaining to stalkers and their victims that installing stalkerware is against the law. Victims need to be aware of the situation and understand what they should do, while stalkers must realize that they are breaking the law. If the use of stalkerware is reported, the punishment applies to its user and not its vendor. Finally, it would do everyone good to learn to deal with relationship crises in a civilized way that does not include cyberstalking.

“Not all abusers realize they are breaking the law when they secretly install stalkerware on their partners' phones,” says Kristina Shingareva. “Many honestly struggle to understand: 'What do you mean by saying that I can't spy on my girlfriend? She's mine! How am I not entitled to know everything about her?' However, surveillance over other people is punishable by law in many countries. Not to mention that it's simply unethical.”

Anti-stalking legislation worldwide


Almost a year after we established the CAS, after several dozen media articles and cyberstalking studies, we are witnessing shifts in legislation. For instance, France has introduced a law on stalking that stipulates severe punishment for secret surveillance: a fine of 40,000 euros or more and a prison sentence of at least one year. Although we are yet to see stalkerware outlawed, this measure is the first warning to those who believe it acceptable to control their partner or another individual in such a way.

Besides, while users of such software face criminal prosecution for its covert installation, no one is in a rush to bring its vendors to justice. In the U.S., only two stalking app developers have been fined in recent history. One of them had to pay a record $500,000-dollar fine, which put an end to the app development process, while the other got off with an order to change the app's functionality for future sales.

The initial lockdown exacerbated
the scale of domestic violence and drove up downloads of stalkerware tools, according to Сyberscoop and a few CAS members. Kaspersky experts, in the meantime, noted a slight decrease in the popularity of stalkerware. However, self-isolation has apparently given free rein to domestic abusers worldwide, making victims even more vulnerable. For details, you can refer to The Guardian and The New York Times.

“Stalkerware is a grey area,” says Kristina Shingareva. “A seemingly decent facade is concealing a dangerous weapon. These apps are openly sold by registered companies, for instance, as parental control tools. It is no secret, though, that most users buy them to spy on their partners. From a legal perspective, the use of stalkerware tools is legitimate as long as the device owner consents to their installation. However, stalkers fail to meet this requirement in the majority of cases”.

Coalition Logo

If you are against cyberstalking too, join the CAS!

We at Kaspersky realize that the problems around the legality of stalkerware and unwanted surveillance require global action from all parts of society. We expect the Coalition Against Stalkerware to attract more partners, including information security companies, human rights advocates, and even law enforcement agencies. You can suggest your own solution or help raise awareness by joining the coalition. Please refer to the initiative's website to learn more about joining, partnerships and the latest news. The information is available in six languages: English, Spanish, German, French, Italian and Portuguese.

How to check if your phone is
being used to spy on you and how to protect yourself



The signs of installed stalkerware include:

  • A fast-draining battery.
  • Constant overheating.
  • Unprompted resets.
  • Mobile data traffic growth.
  • The possibility of other people having had recent physical access to your phone.
  • Applications with suspicious access to GPS tracking, text messages, call recordings and other personal activities.

How to minimize the risk

  • Use a complex lock screen password and update it regularly.
  • Do not disclose your password to anyone - not even yout family members.
  • Regularly view the list of applications you use and remove the ones you do not need.
  • Disable the option of third-party application installation on Android devices.
  • Protect your Android devices with anti-malware products, such as Kaspersky Internet Security for Android, which detects stalkerware and issues warnings.
  • If you are an iPhone user, do not leave your phone unsupervised (of course, the same, goes for Android device owners).

What to do if someone is cyberstalking you

Please do not rush to remove the stalkerware. First, watch our video!

In some cases, the abuser gets a notification if their victim removes the application, which could provoke aggression. Therefore, Kaspersky recommends that victims should start by reaching out to local support organizations to discuss ways of dealing with the situation. It is best to use a different device for this interaction and make sure the phone with installed stalkerware is out of reach.

In the special section Get Help — > Resources on the Coalition Against Stalkerware website, you can find a list of organizations that offer phone consultations and even temporary shelter if your life is in danger.

If you still decide to remove the application, make sure you have a well-defined plan for any turn of events. It is a good idea to discuss your plan with your local abuse victim support organization.