Stalkerware remains a significant problem with more 50,0000 users affected globally in 2020, according to new research from Kaspersky.
The recent Kaspersky report, The State of Stalkerware 2020, found a total of 53,870 mobile users were affected globally by the secret surveillance software used in the field of domestic violence.
The situation has not much improved compared to the year before. In 2019, Kaspersky discovered 67,500 affected mobile users.
“At the same time, when talking about improvements, it is important to take the start of the pandemic into account as stalkerware is often used to digitally control the life of an intimate partner,” Kaspersky says.
“With this in mind, it is unsurprising that the yearly curve of users affected by stalkerware globally shows a decline in reports from March to June 2020, before numbers began to stabilizs thereafter. This coincides with the beginning of worldwide lockdowns, and later when many countries around the world began to ease restrictions.”
Global dimension of stalkerware
Stalkerware is a form of cyberviolence, and a global phenomenon that affects countries regardless of size, society, or culture: Russia, Brazil, the United States of America, India and Mexico are at the top of Kaspersky’s 2020 list of countries where users are most impacted. Below them, Germany is the first European country, occupying sixth place in the global rankings. Iran, Italy, the United Kingdom and, lastly, Saudi Arabia complete the ten most affected nations.
Table 1 – 2020 Top ten most affected countries by stalkerware – globally
1 Russian Federation
Affected users: 12,389
Affected users: 6523
3 United States of America
Affected users: 4745
Affected users: 4627
Affected users: 1570
Affected users: 1547
Affected users: 1345
Affected users: 1144
9 United Kingdom
Affected users: 1009
10 Saudi Arabia
Affected users: 968
“We see the number of users affected by stalkerware has remained high and we detect new samples every day,” says Victor Chebyshev, Research Development Team Lead, Kaspersky.
“It’s important to remember that there is somebody’s real life story behind all these numbers, and sometimes there is a silent call for help.
“Therefore, we are sharing our part of the picture, with the community working to end the use of stalkerware in order to have a better understanding of the issue,” he says.
“It is clear that we all need to share what we are finding so we can further improve detection and protection for the benefit of those affected by cyberviolence.”
Action against cyberviolence
Since 2021, Kaspersky has joined forces with four partners to work on the EU-wide DeStalk project, which the European Commission chose to support with its Rights, Equality and Citizenship Program. According to Kaspersky figures, in total, 6,459 mobile users were affected by stalkerware in the EU in 2020, with Germany, Italy, France and Spain impacted most prominently.
Prior to DeStalk in 2019, Kaspersky co-founded, along with nine other organisations, the Coalition Against Stalkerware, which now has 30 members from five continents. The Coalition aims to improve industry detection of stalkerware, mutual learning from non-profit organisations and companies, and raise public awareness.
“The member organisations in the Coalition Against Stalkerware have made tremendous strides in the last year, including awareness-raising, detection of stalkerware, and research into the daily lives of survivors of domestic abuse,” says Eva Galperin, director ofcCybersecurity, Electronic Frontier Foundation.
“The Coalition has enabled us to take a holistic approach to a complex problem. There is no simple solution and we must keep pushing forward on many fronts.”
Additionally, in November 2020, Kaspersky released a free anti-stalkerware tool called TinyCheck in order to help non-profit organisations support victims of domestic violence and protect their privacy. Its unique feature revolves around being able to detect stalkerware and inform affected users without making the perpetrator aware. The tool is supported by the IT security community and constantly updated with the help of that community.
Users can check if their mobile device has stalkerware installed by looking for the following signs:
- Check permissions in installed apps: Stalkerware applications may be disguised under a fake app name with suspicious access to messages, call logs, location, and other personal activity. For example, an app called Wi-Fi that has access to your geolocation is a suspicious candidate.
- Delete apps that are no longer being used. If the app has not been opened in a month or more, it is probably safe to assume it is no longer needed; and if this changes in the future, it can always be reinstalled.
- Check “unknown sources” settings on Android devices. If “unknown sources” are enabled on your device, it might be a sign that unwanted software was installed from a third-party source.
- Check your browser history. To download stalkerware, the abuser will have to visit some web pages the affected user does not know about. Alternatively, there could be no history at all if the abuser wiped it.
- Use proven cybersecurity protection, such as Kaspersky Internet Security for Android, which protects you against all kinds of mobile threats and which run regular checks on your device.
Before removing stalkerware from a device:
- Do not rush to remove stalkerware if found on the device as the abuser may notice. It is very important to consider that the abuser may be a potential safety risk. In some cases, the person may escalate their abusive behaviours in response.
- Contact local authorities and service organisations supporting victims of domestic violence for assistance and safety planning. A list of relevant organisations in several countries can be found on www.stopstalkerware.org.
- Consider whether you want to preserve any evidence of the stalkerware prior to removal.
- Trust your gut instinct and do what feels safest to you.