The ultimate guide to finding and killing spyware and stalkerware on your smartphone

Source: Vsoftsystems, 06/09/2018

Surveillance isn`t just the purview of nation-states and government
agencies -- sometimes, it is closer to home.
Our digital selves, more and more, are becoming part of our full
identity. The emails we send, the conversations we have over social
media -- both private and public -- as well as photos we share, the
videos we watch, and the websites we visit all contribute to our
digital forms.
As mobile devices are now a common tool for social interactions, it is
not just ad agencies, data miners, and surveillance-hungry powers that
be that want to keep track of us.
When a government agency, country, or cybercriminals decide to try and
peek into our digital lives, there are generally ways to prevent them
from doing so. Virtual private networks (VPNs), end-to-end encryption
and using browsers that do not track user activity are all common methods.
Sometimes, however, surveillance is more difficult to detect -- and
closer to home.
This guide will run through what spyware is, what the warning signs of
infection are, and how to can remove such pestilence from your mobile
devices.
Nuisanceware
At the bottom of the pile, you have nuisanceware, which often comes in
software bundles together with legitimate, free programs. Also known
as Potentially Unwanted Programs (PUP), this sort of software may
interrupt your web browsing with pop-ups, change your homepage
settings by force, and may also gather your browsing data in order to
sell it off to advertising agencies and networks.
Although considered malvertising, these kinds of software are
generally not dangerous or a threat to your core privacy and security.
Spyware and stalkerware
Spyware and so-called `stalkerware,` however, is far more so.
These types of unethical software can result in victims being spied
on, the theft of data including images and video, and may allow
operators -- whether fully-fledged cybercriminals or your nearest and
dearest -- to monitor emails, SMS and MMS messages sent and received,
intercept live calls for the purpose of eavesdropping across standard
telephone lines or Voice over IP (VoIP) applications, and more.
Stalkerware is the next step up in spying and has become an
established term in its own right, coined after a series of
investigations conducted by Motherboard.
Whereas spyware rarely singles out individuals, unless it is in the
hands of law enforcement or unscrupulous government agencies,
stalkerware is generally perceived as software that anyone can buy, in
order to spy on those closest to them.
This can include the stalkerware uses stealing images and text
messages, eavesdropping on phone calls and covertly recording
conversations made over the Internet.
Stalkerware may be able to also intercept app communications made
through Skype, Facebook, WhatsApp, and iMessage.
Both terms, spyware and stalkerware, relate to similar malicious
software functions. However, the latter is deemed more personal in use.
In order to avoid potential legal issues and alienating clients, many
spyware solutions providers will market their offerings as services
for parents seeking a way to monitor their child`s mobile device
usage. However, anyone willing to pay for the software can acquire it.
Retina-X, makers of PhoneSheriff, marketed their spyware software
solution, for example, as `parental control for mobile.`
PhoneSheriff, developed for the Google Android operating system,
permitted location monitoring via GPS, records calls, text messages,
and logs websites visited. The spyware was also able to block
contacts, websites, and apps.
The company, which also developed TeenShield, SniperSpy, and Mobile
Spy, closed its doors last year after a hacktivist said they would
`burn them to the ground,` as the hacker deemed the business immoral.
When these types of software are used at home, there are few reasons
why which do not lean towards unacceptable behavior, practices, and
toxic relationships. A common reason reported for the use of such
software is a lack of trust between partners, for example, and a wish
to catch someone in the act of cheating.
With the evolution of technology, so too has domestic abuse changed.
Sometimes, stalkerware is used to monitor partners and spouses
covertly, or occasionally with the full knowledge of the victim.
Spyware and stalkerware are found less commonly in the enterprise
although some software solutions are marketed for companies which wish
to keep track of employee mobile devices and their activities.
The lines here can be blurry, but if a mobile device which belongs to
a company is used by a staff member in full knowledge that it is
tracked or monitored, then this can be considered acceptable. The
staff members may then keep their private lives, social media, and
emails on their own smartphone or tablet and off company property.
What kinds of spyware and stalkerware apps are still out there?
-SpyPhone Android Rec Pro: This £143 spyware claims to offer `full
control` over a smartphone`s functions, including listening in to the
background noise of calls and recording them in their entirety;
intercepting and sending copies of SMS and MMS messages sent from the
victim`s phone, sending activity reports to the user`s email address,
and more.
-FlexiSpy: One of the most well-known forms of stalkerware out there
is FlexiSpy, which markets itself using the slogan: `It takes complete
control of the device, letting you know everything, no matter where
you are.`
FlexiSpy is able to monitor both Android smartphones and PCs and is
willing to deliver a device with the malware pre-installed to users.
The spyware is able to listen in on calls, spy on apps including
Facebook, Viber, and WhatsApp, turn on the infected device`s
microphone covertly, record Android VoIP calls, exfiltrate content
such as photos, and intercept both SMS messages and emails.
-mSpy: Another stalkerware app which markets itself as a service for
parents, mSpy for the iPhone allows users to monitor SMS messages,
phone calls, GPS locations, apps including Snapchat & WhatsApp, and
also includes a keylogger to record every keystroke made.
-PhoneSpector: Designed for both Android and iOS handsets,
PhoneSpector claims to offer `undetectable remote access.`
While a disclaimer says that the service is designed for parents and
businesses seeking to track company-owned devices used by employees
only, the implementation of the software is made through common
tactics used by malware and phishing campaigns.
`All you have to do is text or email the OTA (over-the-air) link to
the target device and our automated system will set up data transfer
protocol and the necessary info for you to monitor the device,` the
company proclaims. `Just tap a few buttons, then login to your online
account! You can be viewing texts, calls, GPS and more within a few
short minutes!`
Spyera, SpyBubble, Android Spy, and Mobistealth are a few more
examples of stalkerware which offer similar features, among many, many
more which are in what has become a booming business.
It is also worth noting at this stage that you can be tracked by
legitimate software which has been abused. Whether or not GPS is
turned on, some information recovery apps and services designed to
track down a handset in the case of loss or theft can be turned
against victims to track their location instead.
How do spyware and stalkerware become installed on to a device?
Spyware and stalkerware need to find a way to infiltrate a victim`s
mobile device. Most of the time, this is simply done by installing the
software on to the device physically, thus giving the app all the
permissions it needs at the same time.
However, there are also remote options which do not need physical
access. These versions will use the same tactics of cybercriminals --
a link or email attachment sent together with its malicious package.
The warning signs
If you find yourself the recipient of odd or unusual social media
messages, text messages, or emails, this may be a warning sign and you
should delete them without clicking on any links or downloading any files.
Should stalkers employ this tactic, they need you to respond to it.
There`s no magic button to send spyware over the air; instead,
physical access or the accidental installation of spyware by the
victim is necessary.
In the case of potential physical tampering, it can take mere minutes
for spyware to be installed on a device. If your mobile or laptop goes
missing and reappears with different settings or changes that you do
not recognize, this may be an indicator of compromise.
How do I know when I`m being monitored?
In one case of mobile stalking, I was asked how, if you suspected or
knew that your phone had been tampered with, it is possible to find
out the truth -- and whether there was a way to remove spyware from a
smartphone without the other party knowing.
There`s no beating about the issue: surveillance software is becoming
more sophisticated as time wears on and can be difficult to detect.
However, not all forms of spyware and stalkerware are invisible and it
is sometimes possible to find out if you are being monitored.
Android: A giveaway on an Android device is a setting which allows
apps to be downloaded and installed outside of the official Google
Play Store. If enabled, this may indicate tampering and jailbreaking
without consent.
This setting is found in modern Android builds in Settings - >
Security - > allow unknown sources. (This varies depending on device
and vendor).
You can also go to Settings - > Apps to check installed software, but
there is no guarantee that spyware will show up on the list.
Some forms of spyware will also use generic names in an attempt to
avoid detection. If a process or app comes up on the list you are not
familar with, a quick search online may help you ascertain whether it
is legitimate.
iOS: iOS devices, unless jailbroken, are generally harder to install
with malware. However, the presence of an app called Cydia, which is a
package manager that enables users to install software packages on a
jailbroken device, may indicate tampering unless you knowingly
downloaded the software yourself.
If you think your PC may have been infiltrated, check below:
Windows: On Windows machines, double-checking installed program lists
-- possible through the start bar -- and running processes under `Task
Manager` may help you identify suspicious programs.
Mac: On Apple Mac machines, you can do the same by clicking
`Launchpad,` `Other,` and `Activity Monitor` to check the status of
running programs. You can also reach Activity Monitor quickly through
Spotlight.
An antivirus scan is also a recommended way to remove spyware and PUP.
In the cases of Android and iOS devices, you may also experience
unexpected battery drain, as well as unexpected or strange behavior
from the device operating system or apps -- but in the latter case,
many users of stalkerware will try not to play their hand.
As with most things in life, trust your instincts. If you think
something is wrong, it probably is -- and you should take steps to
seize control of the situation.
How can I remove spyware from my device?
This is where things get difficult. By design, spyware and stalkerware
is difficult to detect and can be just as hard to remove. It is not
impossible but may take some drastic steps on your part.
When removed, especially in the case of stalkerware, some operators
will receive an alert warning them that the victim device is clean. In
addition, should the flow of information suddenly cease, this is a
clear indicator that the malicious software has been eradicated.
- Run a malware scan: On both mobile and PC there is a variety of
mobile antivirus solutions available which may be able to detect and
remove basic forms of spyware. This is the easiest solution available
but may not prove effective in every case.
-Change all of your passwords, enable two-factor authentication (2FA):
If you suspect underhanded dealings and account compromise, change
every password on every important account you have.
Many of us have one or two `central` accounts, such as an email
address, which will act as a hub for other accounts and password
recovery. Begin there.
Enabling 2FA, in which account activity and logins require further
consent from a mobile device, can also help protect individual accounts.
-Update your OS: It may seem obvious, but when an operating system
releases a new version which often comes with security patches &
upgrades, this can -- if you`re lucky -- cause conflict and problems
with spyware. In the same way as antivirus solutions, keep this updated.
-Protect your device physically: A PIN code, pattern, or enabling
biometrics can protect your mobile device from future tampering.
Removal of different brands:
-FlexiSpy removal: FlexiSpy may masquerade on Android devices under
the name `SyncManager.` If you find this app on your phone, try to
uninstall it directly, and then restart your phone. However, it may
also appear under another generic name, and so before deleting any
apps, perform a search on the app name first.
-mSpy: To remove mSpy, instructions are here as long as you have
physical access to the device. On the iPhone, you need to access
Cydia, search `Installed` and look for `IphoneInternalService.` Press
modify and remove. Additional options to try are explained here.
-If all else fails, factory reset: Performing a factory reset and
clean install on the device you believe is compromised may help
eradicate some forms of spyware and stalkerware. However, make sure
you remember to backup important content first.
Unfortunately, some stalkerware services claim to survive factory
resets -- although this cannot be verified for all kinds of spyware.
So, failing all of that, consider throwing your device in the nearest
body of water and starting afresh.
Surveillance without consent is unethical and in domestic situations
causes a severe imbalance in power. If your sixth sense says something
is wrong, consider listening.
A physical object is not worth sacrificing your privacy for and so
should your device become unsalvageable, take back control of your
right to privacy -- whether or not this means replacing your handset
entirely.