If you have been using any kind of computer or mobile device for very long, you’ve probably heard of spyware. But how much do you really know about this evil type of software?
In this article, we give you a quick course in what spyware is and why it is worth some serious effort to keep it off all your Internet-connected devices. As we go, you’ll learn about some recent, real-world cases of the kinds of damage spyware can cause. From crippling an entire city government to triggering a multi-billion dollar divorce, spyware can cause massive problems.
Specifically, we will cover the following topics:
- What is Spyware?
- How Spyware Gets Into Your Devices
- How to Tell if Your Device is Infected with Spyware
- What to Do if Your Device is Infected
- How to Prevent Future Infections
What is Spyware?
Spyware is software that gathers data from your device without your knowledge or against your will. Once it collects this information, it can send it to someone, somewhere, who will use it in ways that are harmful to you.
These harmful uses could be relatively benign, like forcing unwanted ads onto your screen or secretly tracking where you go online. Or they could be devastating, like emptying your bank accounts or locking up all the data on your organization’s servers until you pay a ransom.
Clearly, spyware is not something you want on any of your devices.
Common Types of Spyware
Even as you read this, some spyware creator is dreaming up the next new way to attack your devices. Still, spyware generally falls into one of four categories. They are:
- Adware – secretly installed software that forces ads onto your device
- Trojans – software that installs malicious software or steals information
- Tracking Cookies – record your online activities and share them amongst sites
- System Monitors – record everything you do and send the info to the bad guys
That’s the real high-level view. Now let’s look at each of these types of spyware in more detail.
Adware is a type of spyware that gathers information about the sites you visit online and the files you download. The goal is to use this information to display ads that you will click on, thereby earning the adware publisher commissions.
These ads can appear in addition to, or in place of, the ads that you would otherwise see. Adware can slow down your system. It can also make the system unstable as the adware fights with your web browser or operating system to force its ads onto your screen. Adware also hurts legitimate advertisers who can lose sales to the sneaky spyware publisher.
Trojan spyware is software that pretends to be something that it isn’t. A Trojan might look like a video player or something similar, but might instead actually steal information from your device and send it to the spyware company.
Some Trojans allow whoever controls the spyware to gain partial control over your device. They can then do stuff like read or delete your files. Sometimes they can encrypt your files and demand a payment in exchange for decrypting them. This last nasty type of Trojan is known as ransomware.
One timely example of ransomware is the ongoing war between the city of Baltimore and someone who managed to get RobbinHood ransomware onto the city’s servers.
Cookies that are installed on your device by a website can serve a lot of purposes. Many of these services are beneficial to you, such as remembering your login information or what page you last visited.
Tracking Cookies are a bit different. Their job is to record your online activities so that marketers can more efficiently target you with ads or other marketing materials. As Symantec explains:
Major advertisers can have their ads on thousands of sites. Every time you visit one, the site can put a tracking cookie on your device. Over time, the advertiser uses these cookies to see where you go and builds up an ever-more-detailed profile of your online activities.
They haven’t done anything directly malicious, but most of us would object to the number of businesses quietly tracking us as we go about our online lives.
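How that profile comes together can be seen from the visitor's side. The following is an added example, not taken from Symantec or from any tool named in this article: it goes over a constructed log of which host set a cookie while which site was being visited, and reports the hosts whose cookies turn up across several unrelated sites. The site names, the log format and the two-label domain shortcut are assumptions made for the illustration.

```python
from collections import defaultdict
from http.cookies import SimpleCookie

# Constructed sample: (site in the address bar, host that answered, Set-Cookie header).
OBSERVED = [
    ("news.example", "news.example", "session=ab12; Path=/; HttpOnly"),
    ("news.example", "ads.tracker.test", "uid=u-7781; Max-Age=31536000; Path=/"),
    ("shop.example", "shop.example", "cart=3; Path=/"),
    ("shop.example", "px.tracker.test", "uid=u-7781; Max-Age=31536000; Path=/"),
    ("blog.example", "cdn.assets.test", "lb=node4; Path=/"),
    ("blog.example", "ads.tracker.test", "uid=u-7781; Max-Age=31536000; Path=/"),
]


def site_of(host):
    """Crude registrable domain: the last two labels (assumption; real code
    should consult the Public Suffix List)."""
    return ".".join(host.lower().split(".")[-2:])


def cross_site_cookies(observed, min_sites=2):
    """Return {third-party domain: {"sites": [...], "cookies": [...]}} for domains
    whose cookies were set while visiting at least min_sites different sites."""
    seen = defaultdict(lambda: {"sites": set(), "cookies": set()})
    for page_host, setter_host, header in observed:
        setter = site_of(setter_host)
        if setter == site_of(page_host):
            continue  # first-party cookie: logins, carts, last page visited
        jar = SimpleCookie()
        jar.load(header)
        seen[setter]["sites"].add(site_of(page_host))
        seen[setter]["cookies"].update(jar.keys())
    return {
        domain: {"sites": sorted(v["sites"]), "cookies": sorted(v["cookies"])}
        for domain, v in seen.items()
        if len(v["sites"]) >= min_sites
    }


if __name__ == "__main__":
    for domain, info in cross_site_cookies(OBSERVED).items():
        print(f"{domain} set {info['cookies']} on {len(info['sites'])} sites: {info['sites']}")
```

The same `uid` value arriving from three different sites is what lets one advertiser join those visits into a single profile, while the load-balancer cookie seen on only one site is not reported.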
System Monitors are a type of spyware that is capable of monitoring and recording virtually anything you do on your device. It can typically record your keystrokes, chats, text messages, the sites you visit, the files you download, practically anything. Some of these apps can even do screen captures of your activities to send to whoever controls the spyware.
Mobile spyware apps are in their own category because they have different limitations and modes of attack than spyware that targets regular computers. Some spyware can get into your mobile devices through SMS or MMS messages.
This kind of spyware can be particularly ugly. Think about it. Your smartphone knows where you are at all times. It has cameras and microphones built-in, along with tons of your most personal information. Now imagine a Trojan or System Monitor getting control of your phone. Talk about a personal privacy disaster. Ask Jeff Bezos, CEO of Amazon, what can happen to your life when someone gets their paws on the information that lives on your smartphone.
Apps that Know Too Much
Then there are the apps that appear in the app stores.
Many people consider apps that request data other than that necessary to do their jobs to be spyware, regardless of whether they are approved to appear in an official app store. For example, I was recently looking for a pedometer app — something to count the number of steps I take in a day.
There are a ton of free pedometer apps in the Google Play store. All I wanted was an app that would count and display my steps — nothing else.
But when I looked at the Permissions sections of their Google Play entries, they all seemed to want permissions far beyond what seemed necessary. Things like full Internet access and the ability to view my contacts. Others stated right up front that they didn’t require GPS access, but under Permissions required access to precision location information, which is GPS and network-based.
Are apps like this spyware? Technically, I guess not. But if you are concerned about protecting your privacy, you might want to get into the habit of checking the required permissions of any app you are considering.
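The habit of checking permissions can be partly automated. This added example (not from Google Play or from any app's publisher) reads a constructed Android manifest for a hypothetical pedometer app, already decoded to text, and lists the requested permissions that a step counter has no obvious need for. The package name and the baseline of expected permissions are assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PERMISSION_TAGS = ("uses-permission", "uses-permission-sdk-23")

# Assumption: what a plain step counter plausibly needs.
PEDOMETER_BASELINE = {
    "android.permission.ACTIVITY_RECOGNITION",
    "android.permission.FOREGROUND_SERVICE",
}

# Why an extra permission deserves a second look.
NOTES = {
    "android.permission.INTERNET": "full Internet access: data can leave the device",
    "android.permission.READ_CONTACTS": "can read your contacts",
    "android.permission.ACCESS_FINE_LOCATION": "precise location (GPS and network-based)",
}
DEFAULT_NOTE = "not covered by the baseline; check why it is requested"

# Constructed manifest for a hypothetical app, in decoded text form.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.pedometer">
  <uses-permission android:name="android.permission.ACTIVITY_RECOGNITION"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Permission names declared in a decoded AndroidManifest.xml."""
    # Manifests from untrusted APKs are better parsed with defusedxml.
    root = ET.fromstring(manifest_xml)
    nodes = [n for tag in PERMISSION_TAGS for n in root.iter(tag)]
    return {n.get(ANDROID_NS + "name") for n in nodes} - {None}


def excess_permissions(manifest_xml, baseline):
    """Sorted (permission, note) pairs for everything requested beyond the baseline."""
    extra = requested_permissions(manifest_xml) - set(baseline)
    return [(p, NOTES.get(p, DEFAULT_NOTE)) for p in sorted(extra)]


if __name__ == "__main__":
    for perm, note in excess_permissions(SAMPLE_MANIFEST, PEDOMETER_BASELINE):
        print(f"{perm}: {note}")
```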
How Spyware Gets into Your Devices
Okay, we agree that spyware is a clear and present danger to your privacy. But how does spyware get into your computers, smartphones, and other devices in the first place? Let’s see.
Probably the most common way spyware gets into position to do its dirty work is through being installed by another program. When you download and install software from a sketchy source on the Internet, there is a good chance that the software will secretly install some adware along with whatever it is that you thought you were installing. Spyware creators will pay software developers to install their junk on your device for them secretly.
Another way spyware gets into devices is through security flaws. These flaws can be in your device’s security. Researchers are constantly searching for, and finding, ways that hackers can get past the security on devices. If the bad guys find one of these before it gets fixed, they can use it to get their spyware into your device without your knowledge.
The other security flaws are human ones. Some people are so anxious to get back to whatever it was they were doing on their device that they click on random popups without even reading them, just to make them go away. Some spyware takes advantage of this to get past your device’s security. After all, you clicked the OK button, so you must want to install that dubious-looking program.
A similar human error comes into play when opening emails or downloading files sent to you from unknown sources. This is a combination of human and device errors. You opened ‘it,’ and your device failed to recognize ‘it’ as something bad, so it let it get past security.
Also, as we discussed in an earlier section, a mobile device might be vulnerable to attacks through the phone system’s SMS or MMS messaging systems.
How to Tell if Your Device is Infected with Spyware
Figuring out if your device is infected with spyware isn’t a straightforward task. After all, this stuff is hiding on the device to spy on you, so the developers aren’t going to make it easy to find. Still, spyware does often leave telltale signs of its presence.
According to Symantec, the makers of the Norton brand of Anti-malware products, “You may have a spyware issue if your computer shows these symptoms.
- Your device is slow or crashes unexpectedly.
- Your device is running out of hard drive space.
- You get pop-ups when you are online or offline.”
Other signs that can indicate a spyware infection can include:
- Sudden problems with your Internet connection
- Your firewall or antivirus software stops functioning
- New icons appear on the screen
- You find yourself suddenly redirected to a different search engine
How to Know For Sure if You Have a Spyware Problem
While these are all good clues that you have a problem, the best way to know for sure is to run an anti-malware app, such as the free app Malwarebytes, to test your system for the presence of known spyware.
If the antispyware app detects spyware, it will probably offer to delete it or otherwise neutralize it for you. That’s great, but even if the app can do this for you, you should still follow steps 3 and 4 from the next section. The infection may be over, but you still need to undo the damage that may have been caused by it.
Besides a specialized program like Malwarebytes, these days many antivirus programs have built-in or optional antispyware features. This is particularly important if you have Linux boxes in your collection of devices to protect – there are no Linux equivalents of Malwarebytes that we know of.
What to Do if Your Device is Infected
If one of your devices is infected with spyware, you have a project ahead of you. The steps you need to follow are:
- Step 1: Install the latest version of Malwarebytes
- Step 2: Install uBlock Origin
- Step 3: Get all the malware off the device
- Step 4: Change all your passwords
- Step 5: Notify all financial institutions and other sensitive organizations of the problem
It is essential to do these steps in this order. In particular, you don’t want to be changing passwords until your device is clean. Do things in the opposite order, and the spyware may simply transmit your new passwords to the bad guys while you are in the process of clearing it off your device.
So let’s go…
1. Install the Latest Version of Malwarebytes
You should install the latest version of Malwarebytes on your device, even if you already have something. This is because some spyware can sabotage antispyware to keep itself from being detected.
2. Install uBlock Origin
Install the uBlock Origin browser extension if your browser supports it. This free extension provides a large and growing set of protections for your browser. It blocks bad scripts and harmful ads while adding even more privacy protection features.
While it can’t directly prevent Browser Fingerprinting, it can block many websites that use this underhanded technique.
As best we can tell right now, the result of these changes is that in the future, only licensed enterprise users of Chrome will be allowed the level of ad blocking currently available. Extensions installed in the free versions of Chrome will have a limited ad-blocking capability. How limited is still unclear, but there will probably be some negative impact on their ability to stop spyware as well as block ads. As this Forbes article puts it, “Google just gave 2 billion Chrome users a reason to switch to Firefox.”
3. Get All the Malware off Your Device
Some spyware tries to sabotage your device’s defenses to protect itself against detection. This can make your device vulnerable to additional infections by other spyware and malware apps. You will want to run the most intense scan you can on your device to ensure that everything foul gets found and removed.
4. Change All Your Passwords
This is a major pain in the neck, but also a necessity. You can never be sure that the spyware did not somehow find your passwords during its time on your device. That means you need to change all your passwords once the spyware is gone from your device.
While this is annoying and time-consuming, it beats having some creep poking around on your social media pages or using your online banking credentials to get at your accounts.
5. Notify All Financial Institutions and other Sensitive Organizations of the Problem
This step is necessary to minimize your headaches if your passwords and related information did make it out to the bad guys. Having to replace all your bank cards and the passwords for all your financial (and other sensitive) accounts is a major hassle, but it is the only way to be sure that some jerk on the other side of the world doesn’t use your bank account to pay for his new Lamborghini. Or if he tries, the bank will know about it and stop the deal from going through.
How to Prevent Future Infections
Whether you have just cleaned out an infection on a device or you are looking to prevent that first infection, the steps you need to take are the same.
First, install the antimalware app of your choice. You want one that does real-time scanning, not just regularly scheduled checks. While regularly scheduled checks are better than nothing, imagine the damage spyware could do to your device and your life in the time between when it gets onto your device and the next regularly scheduled check.
Second, make sure the antimalware app is up to date and run a thorough scan of your device. Spyware could have found its way onto your device at any time prior to the instant your antimalware app started protecting it, so it is worth doing a thorough scan right now.
Third, install uBlock Origin to limit all sorts of malware attacks on your device and block many of the bad websites out there.
Fourth, make the following precautions part of your regular use of all your devices. Taking these precautions will significantly decrease the chances of spyware even getting access to your devices. Then you don’t have to worry whether the spyware can get past your device’s defenses.
From now on, be sure to:
- Have anti-malware software installed and running on all your devices.
- Avoid downloading software from unofficial sources. While this isn’t a perfect guarantee of safety, if you only download software from places like an official app store, or the site of a major publisher, you will greatly reduce the chance of getting your device infected.
- Don’t open an email from unknown individuals. And don’t open any files attached to such emails.
- Don’t click on pop-up ads that suddenly start appearing on your device.
- Keep your anti-malware software, operating system (OS), and your browser updated at all times. When a new spyware app starts hitting targets, you’ll want to be able to install the fixed version as soon as possible.
- Make sure any browser extensions are current and look for options to enhance the security of the browser. See this article on the best secure browsers for instructions on how to harden Firefox against attacks.
- Activate your device’s Firewall (for those devices that have them). A Firewall can block suspicious applications from getting installed on the device.
- Beware of freeware that sounds too good to be true. For example, we constantly write about the risks of free VPN services (see Touchvpn, Betternet, Holavpn, Starvpn, etc.) as something that sounds great but, in fact, isn’t. We always recommend going with a reputable paid service like Nordvpn, Expressvpn, Cyberghost, etc.
Spyware is an ever-present problem for any device connected to the Internet. In this article, we’ve looked at the various types of spyware, how it gets onto your devices, how to get it back off your devices, and finally, things you can do to keep your devices from getting infected with spyware from now on.
While the war against spyware will continue indefinitely, if you follow the advice we’ve given here, you will maximize your chances of avoiding spyware infections from now on.
But remember to always be on your guard, as malicious spyware is often taking new forms and being delivered by new methods.