What Is Spyware

 


Spyware Definition

Spyware is loosely defined as malicious software designed to enter your computer device, gather data about you, and forward it to a third-party without your consent. Spyware can also refer to legitimate software that monitors your data for commercial purposes like advertising. However, malicious spyware is explicitly used to profit from stolen data.

Whether legitimate or based in fraud, spyware’s surveillance activity leaves you open to data breaches and misuse of your private data. Spyware also affects network and device performance, slowing down daily user activities.

By becoming aware of how spyware works, you can avoid issues in enterprise and personal use.

In this article, we’ll help you answer the question “What is spyware and what does it do?” and help you understand how to block spyware like Pegasus software.

What Does Spyware Do?

Before we dive deeper, you’ll want to understand “what does spyware do on your computer?”

All spyware peeks into your data and all your computer activity — whether authorized or not. However, many trusted computer services and applications use “spyware-like” tracking tools. As such, the spyware definition is reserved mostly for malicious applications nowadays.

Malicious spyware is a type of malware specifically installed without your informed consent. Step-by-step, spyware will take the following actions on your computer or mobile device:

  1. Infiltrate — via an app install package, malicious website, or file attachment.
  2. Monitor and capture data — via keystrokes, screen captures, and other tracking codes.
  3. Send stolen data — to the spyware author, to be used directly or sold to other parties.

In short, spyware communicates personal, confidential information about you to an attacker.

The information gathered might concern your online browsing habits or purchases, but spyware code can also be modified to record more specific activities.

Data compromised by spyware often includes confidential information such as:

  • Login credentials — passwords and usernames
  • Account PINs
  • Credit card numbers
  • Monitored keyboard strokes
  • Tracked browsing habits
  • Harvested email addresses

The methods by which spyware gets onto your computer and mobile devices can vary.

How Spyware Infects Your Devices

Malicious spyware needs to mask itself carefully to install and operate unnoticed. Therefore, its methods of infection are usually obscured within seemingly normal downloads or websites. This malware may be in or alongside legitimate programs and websites via vulnerability exploits, or in custom-designed fraudulent apps and sites.

Bundleware, or bundled software packages, is a common delivery method for spyware. In this case, the software attaches itself to some other program you intentionally download and install.

Some bundled spyware installs discreetly without warning. Other times, your desired software will describe and require the spyware in the license agreement — without using that term. Because you are forced to agree to the full software bundle to install the desired program, you end up voluntarily and unknowingly infecting yourself.

Alternatively, spyware can get into a computer through all the avenues that other malware takes, such as when the user visits a compromised website or opens a malicious attachment in an email.

Note: Be aware that spyware is different from viruses. While both are types of malware that hide within your device, viruses are designed to replicate and embed into your other device files. Spyware does not have this replication trait. Therefore, terms like “spy virus” are not accurate.

Types of Spyware

Spyware is generally classified into four main categories:

  1. Trojan spyware enters devices via Trojan malware, which delivers the spyware program.
  2. Adware may monitor you to sell data to advertisers or serve deceptive malicious ads.
  3. Tracking cookie files can be implanted by a website to follow you across the internet.
  4. System monitors track any activity on a computer, capturing sensitive data such as keystrokes, sites visited, emails, and more. Keyloggers typically fall into this group.

Each type gathers data for the author or a third-party, all to be used to the attacker’s benefit. The lesser of these harmful types will simply monitor and send your data off to the attacker — like tracking cookies. System monitors and adware are far worse, as they can gather data and may also make modifications to your system that expose you to other threats.

In explaining why spyware is bad, we must unpack the explicit problems you can face when exposed to spyware.

Examples of Problems Caused by Spyware

Spyware can be incredibly dangerous if you’ve been infected. Threats can range from mild inconveniences to long-term financial damage. Among these problems, below are some of the most common:

Data Theft and Identity Fraud

First, and perhaps most importantly, spyware can steal personal information that can be used for identity theft. If malicious software has access to every piece of information on your computer, it can harvest more than enough information to imitate your identity. Information used for this purpose includes browsing history, email accounts, and saved passwords for online banking, shopping, and social networks. Also, if you've visited online banking sites, spyware can siphon your bank account information or credit card accounts and sell it to third parties — or use them directly.

Computer Damages

More commonly, you will face the damage spyware can do to your computer. Spyware can be poorly designed, leading to system-draining performance. The lack of performance optimization can take up an enormous amount of your computer's memory, processing power, and internet bandwidth. As a result, infected devices may run slowly and lag in between applications or while online. Worse cases include frequent system crashing or overheating your computer, causing permanent damage. Some spyware can even disable your internet security programs.

Disruptions to Your Browsing Experience

Spyware can also manipulate search engine results and deliver unwanted websites in your browser, which can lead to potentially harmful websites or fraudulent ones. It can also cause your home page to change and can even alter some of your computer's settings. Pop-up advertisements are an equally frustrating issue that accompanies some types of spyware. Advertisements may appear even when offline, leading to inescapable annoyances.

How to Protect Yourself from Spyware

The best way to control spyware is by preventing it from getting on your computer in the first place. However, avoiding program downloads and email attachments isn't always an option. Sometimes, even a trusted website can become compromised and infect your computer.

As your first line of defense, seek out internet security solutions with reliable antivirus and antimalware detection capabilities. Check that they have proactive protection as well. If your computer is already infected, many security providers offer spyware removal utilities to assist in identifying and removing spyware. Be sure to use a reliable internet security provider when choosing a spyware removal tool. Certain utilities can be fraudulent and be spyware themselves.

There are several free antivirus solutions available. While a free antivirus trial is an excellent way to figure out which product is best for you, don't rely on a solution that promises unlimited protection at no cost. Such solutions will often lack certain features that are valuable for avoiding spyware schemes. Tools like a virtual encrypted keyboard for entering financial information, or a strong anti-spam filter and cloud-based detection system help to eliminate risks.

Beyond software, you can follow a few other general tips across devices:

  1. Be cautious about consenting to cookies. With GDPR-compliance taking over the web, nearly every website asks for your permission to create cookies. Only accept cookies from trusted sites, and only if you truly desire the custom experience being offered.
  2. Install an anti-tracking browser extension. Tools now exist that disconnect you from the constant online tracking that occurs nowadays. Even reputable tracking may be unwanted, so these tools help you and your data remain private across the web.
  3. Keep all software updated with the latest security. Malware can get installed onto your system through operating systems and app vulnerabilities. Updates commonly include security patches to fix these natural weaknesses, so always update as soon as possible.
  4. Remember that “free” software always has a cost. Sometimes, free may mean a limited trial, but it can also mean the creator is profiting from your data. Always read the terms of use for the software license, and only agree if you understand and accept.

How to Protect Your Phone from Spyware Including Pegasus

  1. Stay away from unofficial app stores. Third-party app stores carry many malicious spyware apps. Avoid downloading from these stores to lower your risk of infection.
  2. Only download trusted apps from official app publishers. Some spyware masks itself as companion services to other popular apps like Facebook and Gmail. Always read the publisher's name and verify if they are official or a third-party.
  3. Be reserved about giving permissions to apps. Some apps have no clear need for camera and microphone access, or your location data. Decide whether your apps need these permissions to give you an ideal user experience.
  4. Do not follow links in text messages. A popular bait method for mobile attackers is to include links in texts to their targets. You’ll be safer by avoiding any links and manually entering URLs into the address bar — after you’ve verified them to be safe.

How to Protect Your Computer from Spyware

  1. Enable or download a pop-up blocker. Many browsers offer built-in blockers now, but you may want to set the filter on high to prevent anything from slipping in.
  2. Limit runnable applications to a pre-approved allowlist. You can control which applications run and what permissions they have. On your admin-level account, set these permissions to always ask you before running or making system modifications.
  3. Avoid email links and attachments when possible. As another popular delivery method for malware, links and attachments can carry all kinds of malicious payloads. Even files from trusted senders can be malicious if their accounts have been hacked via phishing.

Spyware, and its associated malicious programs like malware and viruses, will always be a danger as long as you use an Internet-connected device. Protecting your finances and identity needs to be a top priority, and it simply can't be done through understanding the problem alone. Get yourself some Internet Security to help you protect your devices from potential spyware attacks.

How does spyware work?

Spyware is distributed in a number of ways. One of the most common is getting users to click on a link that leads to a malicious website. Those links can be in emails, text messages, pop-up windows in a browser, and ads on web pages. Poisoned links have also been known to appear in Google search results.

Sometimes you don't need to click on a malicious link to get to an infected website. This is most commonly done through an infected ad delivered to legitimate websites through legitimate ad networks—also known as malvertising. On occasion, threat actors embed malicious code on legitimate websites that can infect a visitor just by landing on a page.

Such "drive by" infections are popular in so-called watering hole attacks. Those attacks—named for a hunting technique used by predators who wait for their prey to gather around a watering hole before assaulting them—usually target a specific group of users. For example, a high-profile watering hole attack took place in 2013 when a malicious script was discovered at a popular site for iOS developers, PhoneDevSDK. The script redirected visitors from PhoneDevSDK, which included developers from Apple and Facebook, to a drive-by site.

Opening infected files is another method of distributing spyware. Such files are typically attached to email messages disguised as originating with a trusted source, such as a bank or the U.S. Post Office.

Users, too, can be enticed to download spyware. A developer might tout their program as a useful addition to a software library, but it can contain spyware. In some cases, deleting the software from your computer will get rid of the application, but the spyware will be left behind and continue snooping on you.

Mobile phones can also be a target of spyware. Although both Google and Apple do a decent job of catching malicious apps distributed through their online stores, they're not perfect. In the fall of 2018, for instance, four programs in the Google Play store—including one to find embassies abroad—were removed after they were discovered to be infected with the Overseer spyware. Users should be especially wary of programs distributed outside of the Google and Apple stores.

Sometimes malicious apps can appear to be original programs, or they might masquerade as an existing program. For example, an outside-the-apps-stores version of Psiphon, a program designed to give people in countries with repressive regimes unrestricted access to the internet, was infected with Triout, spyware that reads text messages, takes screenshots, copies photos and records phone calls, videos and the GPS location of the phones it infects.

"A couple years ago, the prime distribution channel for spyware was still through watering hole attacks and the use of exploit kits," explains Mounir Hahad, head of the threat lab for Juniper Networks, a network security and performance company. "These days, it has become mostly via email and SMS messages, followed by secondary downloads from compromised websites."

Social engineering remains the number one way to spread malware infections, maintains Jon Amato, a senior director analyst in the Atlanta offices of research and advisory company Gartner. "Tricking someone to go to a web page that exploits a browser vulnerability or exploits the user's gullibility is going to be the main way any malware gets distributed, including spyware," he says.

How to remove spyware

If your computer appears unusually sluggish or crashes a lot, your browser becomes overpopulated with pop-up windows, or you begin to observe suspicious hard drive activity, your efforts to avoid spyware might have failed. That means you'll need to remove the infection.

Removing any kind of malware manually is difficult, but it can be even more so with spyware. The malware is designed to be clandestine. That means it will hide telltale signs of its presence, like icons. Checking system resources can be a dead end, too. Spyware authors often name their files to mimic the names of real system files to hide their identity.
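The name-mimicry trick described above can be checked for mechanically. The following is an added example, not part of the original article: it compares process image paths against a small baseline of system binaries and flags exact names running from an unexpected directory as well as near-miss spellings. The baseline entries, the distance threshold and the sample paths are assumptions made for illustration.

```python
import ntpath

# Assumed baseline: a few well-known Windows system binaries and the
# directory each normally runs from. A real baseline would be larger and
# would list every legitimate location for each binary.
BASELINE = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(image_path: str, max_distance: int = 2):
    """Return (verdict, baseline_name) for one process image path."""
    directory, name = ntpath.split(image_path.lower())
    if name in BASELINE:
        # Right name: the directory decides whether it is the real binary.
        verdict = "ok" if directory == BASELINE[name] else "wrong-directory"
        return (verdict, name)
    for known in BASELINE:
        # Near-miss spelling of a system binary, e.g. swapped letters.
        if edit_distance(name, known) <= max_distance:
            return ("lookalike-name", known)
    return ("unlisted", None)

# Constructed sample process list (not taken from a real host).
SAMPLE = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Users\alice\AppData\Roaming\svchost.exe",
    r"C:\Windows\System32\scvhost.exe",
    r"C:\Windows\System32\lsasss.exe",
    r"C:\Program Files\Editor\editor.exe",
]

def scan(paths=SAMPLE):
    """Return (path, verdict, baseline_name) for every suspicious entry."""
    results = [(p, *classify(p)) for p in paths]
    return [r for r in results if r[1] in ("wrong-directory", "lookalike-name")]

if __name__ == "__main__":
    for path, verdict, known in scan():
        print(f"{verdict:16} {path}  (resembles {known})")
```

A hit is a lead for further inspection, such as checking the file's signature and origin, not proof of infection.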

A number of programs—some of them free—can detect and remove spyware. They include SUPERAntiSpyware, Malwarebytes, Avast Free Antivirus, AVG AntiVirus, Adaware, Trend Micro HouseCall, SpywareBlaster and SpyBot Search & Destroy. In addition, Actiance Security Labs maintains Spyware Guide, which lists thousands of spyware programs with links to tools for removing them from systems.

Spyware on smartphones can cause symptoms similar to computers, such as frequent system crashes and performance hits, but there are other signs, too. For example, the phone may start turning itself off and not responding immediately when you try to turn it back on. Other signs include faster battery depletion than normal, surges in data usage and unusual text messages in your inbox.

Another tipoff is modifications to your phone that allow it to download apps outside Google's and Apple's app stores. In Android, that's typically done by changing a phone's security settings to allow downloads from unknown sources. In iOS, it's sometimes done by planting on a phone an app called Cydia, which is used to download software on a jailbroken iPhone.

If you suspect you have spyware on your phone, you can back up your data and reset it to its factory settings. You'll also want to make sure you're running the latest version of its operating system.

As with computers, there are also security programs that can be used to scan a phone for spyware and remove it, although that solution may not be effective in every case. For Android phones, there's also a "nuclear option" called dr.phone. It will totally and permanently wipe everything on your phone—photos, apps, contacts, messages, call logs and all private data. It's not to be used lightly.

