Spyware is a type of malicious software -- or malware -- that is installed on a computing device without the end user's knowledge. It invades the device, steals sensitive information and internet usage data, and relays it to advertisers, data firms or external users. Any software can be classified as spyware if it is downloaded without the user's authorization. Spyware is controversial because, even when it is installed for relatively innocuous reasons, it can violate the end user's privacy and has the potential to be abused.
Spyware is one of the most common threats to internet users. Once installed, it monitors internet activity, tracks login credentials and spies on sensitive information. The primary goal of spyware is usually to obtain credit card numbers, banking information and passwords.
Spyware can be difficult to detect; often, the first indication a user has that a computing device has been infected with spyware is a noticeable reduction in processor or network connection speeds and -- in the case of mobile devices -- data usage and battery life. Antispyware tools can be used to prevent or remove spyware. Antispyware tools can either provide real-time protection by scanning network data and blocking malicious data, or they can detect and remove spyware already on a system by executing scans.
How spyware works
Spyware can affect any personal computer (PC) or Mac, as well as iOS or Android devices. While the Windows operating system (OS) is more likely to fall prey to an infiltration, hackers are getting better at finding ways into Apple's OS as well. Some of the most common ways for computers to become infected include the following:
- pirating media, including games, videos and music;
- downloading materials from unreliable or unknown sources;
- accepting a pop-up advertisement or prompt without reading the content; and
- accepting and opening email attachments from unrecognized senders.
In its least damaging form, spyware exists as an application that starts up as soon as the device is turned on and continues to run in the background. Its presence will steal random access memory (RAM) and processor power and could generate infinite pop-up ads, effectively slowing down the web browser until it becomes unusable.
Spyware may also reset the browser's homepage to open to an ad every time or redirect web searches and control the provided results, making the search engine useless. Additionally, spyware can change the computer's dynamic link libraries (DLLs) -- which are used to connect to the internet -- resulting in connectivity failures that can be hard to diagnose.
At its most damaging, spyware will track web browsing history and record words, passwords and other private information, such as credit card numbers or banking records. All of this information can be gathered and used for identity theft.
Spyware can also secretly make changes to a device's firewall settings, reconfiguring the security settings to allow in even more malware. Some forms of spyware can even identify when the device is trying to remove it from the Windows registry and will intercept all attempts to do so.
Types of spyware
Spyware is not just one type of program. It's an entire category of malicious software that includes adware, keyboard loggers, Trojans and mobile information-stealing programs.
Adware. Malicious adware is often bundled in with free software, shareware programs and utilities downloaded from the internet or surreptitiously installed onto a user's device when the user visits an infected website. Many internet users were first introduced to spyware in 1999 when a popular freeware game called Elf Bowling came bundled with tracking software. Adware is often flagged by antimalware programs, whether the program in question is malicious or not.
Keyboard loggers. Keyloggers are a type of system monitor that is often used by cybercriminals to steal personally identifiable information (PII), login credentials and sensitive enterprise data. Keyloggers may also be used by employers to observe employees' computer activities; parents to supervise their children's internet usage; device owners to track possible unauthorized activity on their devices; or law enforcement agencies to analyze incidents involving computer use.
Hardware keyloggers resemble a Universal Serial Bus (USB) flash drive and serve as a physical connector between the computer keyboard and the computer, while software keylogging programs do not require physical access to the user's computer for installation. Software keyloggers can be downloaded on purpose by someone who wants to monitor activity on a particular computer, or they can be downloaded unwittingly and executed as part of a rootkit or remote access Trojan (RAT).
Trojans. Trojans are typically malicious software programs that are disguised as legitimate programs. A victim of a Trojan could unknowingly install a file posing as an official program, allowing the Trojan to have access to the computer. The Trojan can then delete files, encrypt files for ransom or allow others to have access to the user's information.
Mobile spyware. Mobile spyware is dangerous because it can be transferred through Short Message Service (SMS) or Multimedia Messaging Service (MMS) text messages and typically does not require user interaction to execute commands. When a smartphone or tablet gets infected with mobile spyware that is sideloaded with a third-party app, the phone's camera and microphone can be used to spy on nearby activity, record phone calls, and log browsing activity and keystrokes. The device owner's location can also be monitored through the Global Positioning System (GPS) or the mobile computing device's accelerometer.
How to prevent spyware
Maintaining strict cybersecurity practices is the best way to prevent spyware. Some best practices include the following:
- only downloading software from trusted sources;
- reading all disclosures when installing software;
- avoiding interaction with pop-up ads; and
- staying current with updates and patches for browser, OS and application software.
In addition, users should install antispyware tools, use extensive and reputable antivirus software, avoid opening emails from unrecognized senders and enable two-factor authentication (2FA) whenever possible.
iPhone users can activate 2FA at no additional cost, enabling them to protect all the data on their smartphone and prevent mobile spyware attacks. Two-factor authentication can also be used in a variety of other common services, including PayPal, Google, Dropbox and Microsoft Office 365, as well as in social networking sites, such as Instagram, Snapchat, Facebook and Twitter. Most major banks have also started implementing 2FA in their websites and mobile apps. Some services have even increased their authentication process to three- and four-factor authentication -- 3FA and 4FA, respectively.
To further reduce the probability of infection, network administrators should practice the principle of least privilege (POLP) and require remote workers to access network resources over a virtual private network (VPN) that runs a security scan before granting access privileges.
When choosing an antispyware tool, it is important to know that some only perform when the scan is manually started, while others are continuously running and monitoring computer activity to ensure spyware can't record the user's information. Furthermore, users should apply caution when downloading antispyware tools. Reviews can be read to determine which tools are safest, and it is recommended that the user only download tools from reputable sites.
Some antispyware tools include the following:
- Malwarebytes is an antimalware/spyware tool that can remove spyware from Windows, macOS, Android and iOS. Malwarebytes can scan through registry files, running programs, hard drives and individual files. Once a spyware program is detected, a user can quarantine and delete it. However, users can't set up automatic scanning schedules.
- Trend Micro HouseCall is another antispyware tool that doesn't require user installation. Because it doesn't require installation, HouseCall uses minimal processor and memory resources, as well as disk space. However, like Malwarebytes, users cannot set automatic scans.
- Windows Defender is an antimalware Microsoft product included in the Windows 10 OS under Windows Defender Security Center. The software is a lightweight antimalware tool that protects against threats such as spyware, adware and viruses. Windows Defender includes multiple features, such as Application Guard, Exploit Guard, Advanced Threat Protection and Analytics. Windows Defender users can set automatic Quick and Full scans, as well as set alerts for low, medium, high and severe priority items.
How to remove spyware
In order to remove spyware, device users must first identify that the spyware exists in their system. There are several symptoms to look for that can signify the presence of an attack. They include the following:
- The device runs at a much slower speed than normal.
- The device consistently crashes unexpectedly.
- Pop-up ads appear whether the user is online or offline.
- The device starts running out of hard drive space.
If it is determined that spyware has infected the system, then the user should perform the following steps:
- Disconnect the internet connection.
- Check the device's programs list to see if the unwanted software is listed. If it is, choose to remove it from the device. After uninstalling the program, reboot the entire system.
- If the above step does not work, then run a scan of the system using reputable antivirus software. The scan will find suspicious programs and ask the user to either clean, quarantine or delete the software.
- The user can also download a virus removal tool or antispyware tool and allow it to run through the system.
If none of the above steps work, then the user will have to access the device's hard drive in safe mode. However, this requires a tool that will enable the user to access the spyware folders and manually delete them. While this sounds complicated, the process should only take a few minutes.
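On Windows, the "check the programs list" step can be backed by a read-only inventory of what starts automatically and what is installed. The following PowerShell is an added example, not part of the original article; the helper name Get-ExecutablePath and the "user-writable folder" heuristic are assumptions made for illustration.

```powershell
# Added example: read-only inventory of autostart entries and installed programs.
# Nothing is deleted or changed; review the output before removing anything.

# Autostart commands (Run keys and Startup folders) visible to this session.
$autostart = Get-CimInstance -ClassName Win32_StartupCommand |
    Select-Object Name, Command, Location, User

# Hypothetical helper: pull the executable path out of a command line such as
#   "C:\Program Files\App\app.exe" /background   or   C:\Tools\app.exe -s
function Get-ExecutablePath {
    param([string]$CommandLine)
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $null
}

$report = foreach ($entry in $autostart) {
    $path = Get-ExecutablePath -CommandLine $entry.Command
    $status = 'PathNotResolved'
    if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
        # Authenticode status: Valid, NotSigned, HashMismatch, ...
        $status = [string](Get-AuthenticodeSignature -LiteralPath $path).Status
    }
    [pscustomobject]@{
        Name         = $entry.Name
        Location     = $entry.Location
        Path         = $path
        Signature    = $status
        # Assumed heuristic: launches from per-user writable folders deserve a closer look.
        UserWritable = [bool]($path -match '\\(AppData|Temp|Users\\Public)\\')
    }
}
$report | Sort-Object Signature, Name | Format-Table -AutoSize -Wrap

# Installed programs as shown in the programs list (64-bit, 32-bit and per-user views).
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object DisplayName |
    Sort-Object InstallDate -Descending |
    Select-Object DisplayName, Publisher, InstallDate, InstallLocation |
    Format-Table -AutoSize -Wrap
```

Entries that are unsigned, launch from a user-writable folder, or were installed around the time symptoms began are the ones to check first against the programs list.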
The best-known examples of spyware are the following:
- Zlob -- or Zlob Trojan -- downloads itself onto a computer and records keystrokes, as well as search and browsing history.
- Gator -- commonly found in file sharing software -- monitors victims' web surfing habits in order to present them with better targeted ads.
- TIBS Dialer disconnects the user's computer from a local phone line and instead connects it to a toll number that is designed for accessing pornographic websites.
- CoolWebSearch takes advantage of security vulnerabilities found in the Internet Explorer web browser in order to take control, change settings and send browsing information to its authors.
- Internet Optimizer -- more popular in the days of dial-up connections -- initially promises to increase internet speeds but instead replaces all error and login pages with ads.
In addition, spy apps have been designed for smartphone users that allow different people to track the phone user's activity. While most were created with the intent of letting parents monitor their child's phone use, their abilities have been grossly abused. These apps act as mobile spyware and allow external users to access the phone's microphone and camera to view the surroundings, listen in on phone calls and access the phone's GPS location, passwords and mobile apps. Some popular spy apps include Spyera, FlexiSPY and TheOneSpy.