The recent Kaspersky report, “The State of Stalkerware 2020”, shows that the situation has not much improved compared to the year before – in 2019, we discovered 67,500 affected mobile users. At the same time, when talking about improvements, it is important to take the start of the pandemic into account as stalkerware is often used to digitally control the life of an intimate partner. With this in mind, it is unsurprising that the yearly curve of users affected by stalkerware globally shows a decline in reports from March to June 2020, before numbers began to stabilize thereafter. This coincides with the beginning of worldwide lockdowns, and later when many countries around the world began to ease restrictions.
Global dimension of stalkerware
Stalkerware is a form of cyberviolence, and a global phenomenon that affects countries regardless of size, society, or culture: Russia, Brazil, the United States of America, India and Mexico are at the top of Kaspersky’s 2020 list of countries where users are most impacted. Below them, Germany is the first European country, occupying sixth place in the global rankings. Iran, Italy, the United Kingdom and, lastly, Saudi Arabia complete the ten most affected nations.
Table 1 – 2020 Top ten most affected countries by stalkerware – globally
|3||United States of America||4745|
“We see the number of users affected by stalkerware has remained high and we detect new samples every day. It’s important to remember that there is somebody’s real life story behind all these numbers, and sometimes there is a silent call for help. Therefore, we are sharing our part of the picture, with the community working to end the use of stalkerware in order to have a better understanding of the issue. It is clear that we all need to share what we are finding so we can further improve detection and protection for the benefit of those affected by cyberviolence,” comments Victor Chebyshev, Research Development Team Lead, Kaspersky.
Action against cyberviolence
Since 2021, Kaspersky has joined forces with four partners to work on the EU-wide “DeStalk” project, which the European Commission chose to support with its Rights, Equality and Citizenship Program. According to Kaspersky figures, in total, 6,459 mobile users were affected by stalkerware in the EU in 2020, with Germany, Italy, France and Spain impacted most prominently.
Prior to DeStalk in 2019, Kaspersky co-founded, along with nine other organizations, the Coalition Against Stalkerware, which now has 30 members from five continents. The Coalition aims to improve industry detection of stalkerware, mutual learning from non-profit organizations and companies, and raise public awareness.
“The member organizations in the Coalition Against Stalkerware have made tremendous strides in the last year, including awareness-raising, detection of stalkerware, and research into the daily lives of survivors of domestic abuse. The Coalition has enabled us to take a holistic approach to a complex problem. There is no simple solution and we must keep pushing forward on many fronts,” said Eva Galperin, Director of Cybersecurity, Electronic Frontier Foundation, when commenting on the Coalition’s first anniversary.
Additionally, in November 2020, Kaspersky released a free anti-stalkerware tool called TinyCheck in order to help non-profit organizations support victims of domestic violence and protect their privacy. Its unique feature revolves around being able to detect stalkerware and inform affected users without making the perpetrator aware. The tool is supported by the IT security community and constantly updated with the help of that community.
Users can check if their mobile device has stalkerware installed by looking for the following signs:
- Check permissions in installed apps: Stalkerware applications may be disguised under a fake app name with suspicious access to messages, call logs, location, and other personal activity. For example, an app called “Wi-Fi” that has access to your geolocation is a suspicious candidate.
- Delete apps that are no longer being used. If the app has not been opened in a month or more, it is probably safe to assume it is no longer needed; and if this changes in the future, it can always be reinstalled.
- Check “unknown sources” settings on Android devices. If “unknown sources” are enabled on your device, it might be a sign that unwanted software was installed from a third-party source.
- Check your browser history. To download stalkerware, the abuser will have to visit some web pages the affected user does not know about. Alternatively, there could be no history at all if the abuser wiped it.
- Use proven cybersecurity protection, such as Kaspersky Internet Security for Android, which protects you against all kinds of mobile threats and which run regular checks on your device.
Before removing stalkerware from a device
- Do not rush to remove stalkerware if found on the device as the abuser may notice. It is very important to consider that the abuser may be a potential safety risk. In some cases, the person may escalate their abusive behaviors in response.
- Contact local authorities and service organizations supporting victims of domestic violence – for assistance and safety planning. A list of relevant organisations in several countries can be found on stopstalkerware.org.
- Consider whether you want to preserve any evidence of the stalkerware prior to removal.
- Trust your gut instinct and do what feels safest to you.
Read the latest edition of PCR’s monthly magazine below: