Mobile Spyware: How Hackers Can Turn Your Phone Into a Stalking Machine

By on Dec 15, 2014

In the mid-2000s a commercial advertisement achieved so much notoriety that its existence bordered on parody. The product was a headache-relieving cream called HeadOn and its advertisements told you three times to “apply it directly to the forehead.”

The commercial was widely panned for its bizarre nature and lack of specificity. What, exactly, was HeadOn? What problems did it solve? Why is it supposed to be applied directly to the forehead? Why would anyone do this?

That bizarre nature and poor production value must have been in mind when the makers of StealthGenie commissioned this advertisement. After all, how else would one sell a spyware product allowing its purchaser to spy on their spouse, children and employees?

That’s right, spyware—a type of software that enables its users to monitor all forms of communications on a targeted device—is now being advertised to a consumer audience. According to our team at McAfee Labs™, this has been a long time coming.

Spyware isn’t malware in the traditional sense. Like malware, it’s loaded onto devices for the expressed purpose of monitoring a user’s activity, typically without the user’s knowledge. Spyware is often used by law enforcement, government agencies and information security organizations to test and monitor communications in a sensitive environment or in an investigation—not for fueling a personal drama. StealthGenie, and other applications like it, change that dynamic.

Here’s how.

Spyware apps are currently available for every mobile device platform on the market. Some of these apps simply redirect users to sales sites where spyware can be purchased, while others directly download the spyware tool onto the device. Most of these apps have the ability to hide their icon from your screen, making it difficult to detect by the victim. Others go even further, requesting or requiring DeviceAdmin privilege—a level in which the app has access to pretty much anything on your phone—to make the spyware impossible to remove if detected. Luckily for Android users, our free Hidden Device Admin Detector scans and detects malicious apps that have been granted device administrator privileges.

Once the spyware is installed, the purchaser can establish rules for monitoring their victim. For example, they can tell the spyware to monitor communications and movements once their target leaves, or enters, a particular zone. The purchaser can also choose to begin recording and relaying messages, movements and other data to a remote server as soon as it’s installed. After the installation and setup, purchasers can log onto a web page where they can access that data.

These apps, if used for nefarious purposes, could put people in serious danger. Abused spouses could be tracked and children could be remotely monitored. But such technology does have practical uses for organizations that would need to monitor internal communications, or for law enforcement agencies that would need the aid of spyware in an investigation. For those reasons, spyware falls under a legal grey zone: it’s not illegal for consumers to own, yet, but the Department of Justice is aggressively pursuing those who sell spyware to a consumer-centric market.

StealthGenie, again, is the perfect example: its CEO was recently arrested by the F.B.I. for the advertisement and sale of a mobile device spyware app that could “monitor calls, texts, videos and other communications on mobile phones without detection,” according to a Department of Justice press release. The CEO pled guilty, marking the first criminal conviction for advertising and selling mobile device spyware online. He likely won’t be the last.

StealthGenie is off the market, but there are plenty of spyware apps that are still available. So how can you protect yourself? Here are a few methods:

  • Don’t let your mobile phone out of sight. Keeping your mobile phone in your possession at all times is a surefire way to keep an adversary from placing spyware on your device. If you do lend out your phone for any reason, be sure to check its settings and apps. If your default settings have changed, or a new app has mysteriously appeared, it might be a sign that spyware has been installed.
  • Stick to official app stores. While spyware can be found on official app stores, they thrive on obscure third-party stores promoting unofficial apps. By downloading apps for jailbroken or rooted devices, you bypass built-in security and essentially place your device’s data into the hands of a stranger.
  • Use comprehensive security. Spyware exists for both mobile and desktop devices. So to protect yourself from spyware, using comprehensive security is a must.  McAfee LiveSafe™ service, our comprehensive security solution, can cover every device you own and detect most spyware on the market today. If you already have computer protection, you can install McAfee Mobile Security on your iPhone or Android device free of charge.

 

GaryNasdaq_NCSA_Conference_panel small

About the Author

Gary Davis

Gary Davis was previously McAfee's Consumer Security Evangelist providing security education and advice to businesses and consumers. He is a sought-after speaker on trends in digital security, appearing at conferences and events, as well as security and consumer lifestyle broadcast outlets and publications such as ABC, NBC, FOX, the Wall Street Journal, USA Today, Money ...

Read more posts from Gary Davis

  1. Being a victim of abuse, stalking and harassment safety is my priority. I’ve downloaded your software McAfee Total onto my computers Mac and HP your spyware only has been blocking Spyware MYSPY and Flexispy on windows HP. Spyware hacks iphone and Mac Apple devices easily. Apple doesn’t believe they are hackable which has put me at risk. My iphone has been compromised by another spyware app. MYSPY and Flexispy. (please try and get these noticed and dangerous apps as well . I love your service it’s just not able to stop these spyware apps on iphone 13.4 and Mac Catalina.

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to McAfee Securing Tomorrow Blogs