Thousands may unknowingly have stalkerware on their phones: Internet Scambusters #909
Cyberstalking involves many ways of monitoring victims online, but stalkerware specifically watches your smartphone activities.
It can see and hear everything you do, and it knows where you are, as we explain in this week's issue.
Plus, we also have the latest coronavirus scam -- fake insurance agents pretending they can sell you a policy covering the disease.
Let's get started...
Stalkerware Sees and Hears Everything on Your Phone + Coronavirus Latest
Coronavirus Insurance Scam Warning
Can you insure yourself against getting coronavirus? Probably not, other than protection via any health or life insurance you hold.
But that doesn't stop fake insurance agents using high-pressure telesales tactics to try to convince victims that they can.
If you get a call offering this type of protection, it's almost certainly fake.
And, of course, you should never buy any type of product peddled via unsolicited calls without first checking out the true identity of the caller.
Call your state insurance department. If they're not listed, they're not licensed. If they are listed, the only way to be sure they're the people who called you is by using the number the department gives you and checking.
The Stalkerware Threat to Privacy
Cyberstalkers have a new weapon in their efforts to virtually follow their victims -- stalkerware.
Yes, that's right -- software whose sole purpose is to enable these crooks to spy on their victims. And with people using their mobile devices more than ever, thanks to the Covid-19 lockdown, we're likely to see an increase in this behavior.
Street stalkers are less likely to be on patrol these days because they either can't easily see their victim or because their cloak-and-dagger activities will be much more visible.
We define online stalking as the use of the Internet for monitoring and, often, harassing an individual. It involves all kinds of sinister motives including scamming victims, stealing their identity, blackmailing, bullying, and intimidation.
But in this case, we're talking about programs that are planted on your smartphone that are capable of seeing and hearing everything you do, and where you do it, and then reporting back to whoever put it there.
Just a few weeks ago, the US Federal Trade Commission (FTC) reached a deal with one maker of stalking software to stop them from selling tracking apps that could be installed on a victim's mobile devices and then send back information about them without their knowledge or permission.
But the firm is by no means the only one offering stalkerware.
Internet security firm Malwarebytes calls the software "both murky and dangerous."
"Stalkerware can see all the things you see on your device, hear all the things you hear, pinpoint your physical location, and even remotely control your camera and microphone," explains Malwarebytes' Wendy Zamora.
"Calls can be intercepted, eavesdropped on, and recorded -- all without the knowledge of the device owner."
Stalkerware is openly available, often posing as software for parental monitoring of teens, but also promoting its ability to keep an eye on activities of spouses and other partners.
In fact, provided the stalker can install it on others' phones -- even friends and colleagues for example -- it can spy on anyone.
There's evidence, for example, that some companies have been using the software on business phones to keep tabs on employees.
Getting Around Built-in Security
The programs have been able to get around built-in security on some smartphones during installation -- one of the reasons the FTC stepped in -- and can sometimes skirt the law by appearing to have a legitimate purpose.
Even Internet security software may not block its activities. Malwarebytes, for instance, catalogs stalkerware as a "potentially unwanted program" or PUP and quarantines it, allowing the user to decide if it should be kept.
One imagines most users would immediately want it removed, but some users simply ignore notifications from their security software.
States and federal authorities have to rely on laws that weren't originally written to defend against cyberstalking, which has sometimes left them in a difficult position to tackle the stalkerware producers.
Using it to track spouses has been described as "domestic abuse" by the National Domestic Violence Hotline.
Global media site Vice.com claims tens of thousands of people are unwitting targets of cheap spyware anyone can buy.
According to the site, the company halted by the FTC was hacked a couple of years ago, with the stolen data showing how ordinary folk had bought the software to track the activities of others.
The firm had 130,000 account holders. They each paid between $50 and $200 a month for this covert surveillance.
"The breaches highlight how consumer surveillance technology, which shares some of the same capabilities and sometimes even the same code as spy software used by governments, has established itself with the everyday consumer. And it would appear no small number of people are willing to use this technology..." says Vice.
The stolen data apparently showed personal images including some of children.
What to Do
Monitoring software has been around for a while, but its use has rocketed according to Malwarebytes -- up almost tenfold in the past five years. And in a single three-month period, the security firm identified more than 2,300 active programs.
Even if the stalkerware does have a seemingly legitimate purpose of tracking kids, security flaws in tracking software have enabled records to be hacked and often sold on.
It's not always easy to check if you have certain cyberstalker apps installed but a surge in your phone's data usage could be a giveaway, or if your battery drains quicker than usual.
But installing security software on your device -- many people have anti-malware software on their PCs but not on their smartphone -- should flag up the presence of snooping software.
Install it, run a scan, and then select and either block or uninstall the program. If you don't want to do this -- say it's an employer phone -- at least be aware of it or take professional advice on how to deal with it.
From then, or if the phone is "clean," it's up to you to manage access to your mobile device, including keeping passcodes confidential.
Cyberstalker software is, of course, only one element of online stalking, and some other types, such as creating false identities to monitor individuals' social media, are equally dangerous.
We wrote about this a few years ago and it's worth checking out this earlier report outlining 15 steps to take to avoid cyberstalkers generally: http://new.scambusters.org/cyberstalking.html.
That's it for today -- we hope you enjoy your week!