Spyware. If the name sounds creepy and invasive, that’s because it is.
The thought of someone virtually looking over your shoulder as you work, play, shop, bank, and so on is pretty unsettling. Yet that’s what spyware effectively does while you’re online. Luckily, you can do plenty to keep spyware from winding up on your devices.
What is spyware?
Spyware secretly gathers information on you as you use your device. It’s a type of malware. Depending on its form, spyware can sniff out your surfing habits to serve up targeted ads—or it can record your keystrokes, which can steal your passwords and credit card numbers. In all, spyware skims your otherwise personal information and puts it into someone else’s hands.
Spyware can end up on your device several ways. That includes clicking on a malicious attachment in an email, a download from a sketchy site, or via an app that you’ve downloaded yourself. Other sources of spyware include pirated video streams, illicit sharing sites (music, videos, games), and sketchy links passed along in social media and texts. Sometimes, bad actors simply install it on devices themselves if the device is unlocked and unattended.
You can find spyware out there in the wild as well. Shared computers at hotels, libraries, and other public locations sometimes wind up with spyware on them. Hackers target these devices in the hopes that unsuspecting users will use them to go online and do a little banking or access otherwise sensitive information. That’s one more good reason to do your important business on your own trusted devices.
What are the different kinds of spyware?
Broadly speaking, spyware spans a range of uses. They can land anywhere from legitimate to questionable to outright illegal.
For example, some applications make it quite clear that they collect and share some usage data. Social media apps are a good example of this. While you might or might not be entirely comfortable with the data they collect, it’s legitimate.
Other applications might not make their data collection policies clear, such as burying them in a user agreement—making it difficult for people to know what’s actually being collected. In other words, some app developers might shroud just how much information and data they track.
Lastly, hackers and scammers will maliciously steal information, potentially with an app or by otherwise getting it installed on a victim’s device.
Within this range of legitimate and illegal use, you’ll find different forms of spyware:
- Adware – As the name suggests, this form of spyware tracks user activity and sends it along to advertisers for targeted ad campaigns. Sometimes, this can take malicious forms that serve pop-up ads, which earn scammers money each time they get viewed.
- Keyloggers and monitors – These forms of spyware lurk in the background on devices and skim keystrokes as mentioned above. Worse yet, they might collect information like browsing activities, messaging history, emails sent, and the like.
- Rootkits – These give an attacker administrative or “root” access to a device. When installed, it allows them to monitor activity on a device and even remotely control it.
- Mobile spyware – Because smartphones and tablets have powerful functionality like cameras, microphones, GPS tracking, and more, mobile spyware gets a category of its own. This form of malware takes advantage of that functionality to spy on a user’s location, listen in on what they’re saying, or use the camera to spy on them. It might also give the attacker access to photos, contact lists, text logs, and other information stored on the phone.
How to protect yourself from spyware.
Your first step, protect your devices.
Comprehensive online protection software can detect and block known and new forms of spyware. Further, it can also protect your privacy, keep you safe from attacks on public Wi-Fi, and automatically block unsafe websites and links, just to name a few things it can do.
Beyond that, you have several other steps you can take. Some of them rely on technology. Yet plenty of spyware prevention comes down to using good judgment and keeping a sharp eye open.
1. Update your operating system.
Along with installing security software, keeping your operating system up to date can greatly improve your security. Updates can fix vulnerabilities that hackers rely on to pull off their malware-based attacks. It’s another tried-and-true method of keeping yourself safe—and for keeping your phone running great too.
2. Avoid third-party app stores.
Apple, Google, Microsoft, and other major technology companies have measures in place to review and vet apps to help ensure that they are safe and secure. Third-party sites might very well not, and they might intentionally host malicious apps as part of a front.
3. Stick with legitimate streaming, music, and gaming services.
Like steering clear of third-party app stores, keep your online purchases and rentals to known, respected platforms. Unsurprisingly, hackers and scammers will prop up malicious sites that promote popular shows, films, and other content like games and music—yet they use them to deliver malware and steal personal information. If you find an offer for media that’s heavily discounted, free, or not available on known media outlets, it’s likely a scam. At the very least, it might be pirated content, which can carry malware threats along with it. One example, the several scam sites that appeared around the release of the “Barbie” movie.
4. Review apps carefully.
Check out the developer—have they published several other apps with many downloads and good reviews? A legit app typically has quite a few reviews, whereas malicious apps might have only a handful of (phony) five-star reviews. Lastly, look for typos and poor grammar in both the app description and screenshots. It might be a sign that a hacker slapped the app together and quickly deployed it. Yet better, get a recommendation from a trusted source, like a well-known publication, or from app store editors themselves.
5. Watch out for random sites that say you have a security issue.
A window or graphic pops up on your screen. It says that the site has identified a security issue with your device. Or maybe it says that your system isn’t current. Either way, there’s a file the site wants you to download. You can correct the issue with a click. Don’t. It’s a classic trick. Instead of fixing your non-existent problem, the download will create one. Scammers use the security alert trick to install malware on the devices of unsuspecting victims.
6. Lock your devices—and keep an eye on them too.
As mentioned above, some bad actors will install spyware on devices themselves. However, this requires access, time, and effort to pull off. Locking your device and always keeping it close can help prevent bad actors from infecting your phone this way.
Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.