It looked like a calculator app. But in reality, it was spyware that recorded every keystroke, the type of data that gives a stalker free access to a person's private life. That was my conclusion this week after downloading the free app Flash Keylogger to an Android smartphone. The app described itself as a tool for monitoring family members' online activity by logging what they typed. Once it is installed from Google's official app store, you can change its icon to that of a calculator or calendar app. In my tests, the app recorded all inputs, including web searches, text messages, and emails.
Flash Keylogger is part of a rapidly expanding group of apps called “stalkerware.” These apps numbered in the hundreds a few years ago, but have grown to thousands since then. They are widely available on the Google Play store and, to a lesser extent, on Apple's App Store, often under harmless names such as MobileTool, Agent, and Cerberus. And they have become such a tool for digital domestic violence that Apple and Google started admitting last year that the apps are a problem.
According to a survey by security firm NortonLifeLock, the number of devices infected with stalkerware increased by 63% between September and May last year. This month, the Federal Trade Commission announced that it has banned one of the app makers, Support King, from offering SpyFone, a stalkerware app that gives access to victims’ locations, photos, and messages. It was the first ban of that kind.
“This is a very invasive, very big problem and is related to some of the worst abuses we’ve seen in intimate partner abuse,” Eva Galperin, cybersecurity director at the Electronic Frontier Foundation, a digital rights organization, said of the apps.
Stalkerware is a thorny problem because it lives in a gray area. There are legitimate uses of monitoring apps, such as parental control software that monitors children online to protect them from predators. However, this technology becomes stalkerware when it is secretly installed on a partner’s phone to spy on the partner without consent.
Researchers say such apps are more prevalent on phones running Android, because the more open nature of Google’s software system gives programs deeper access to device data and lets users install whatever apps they like on their phones. However, new stalking software targeting the iPhone is also emerging.
After being contacted about the app, Google said it had banned apps that violate its policy, such as Flash Keylogger.
An Apple spokeswoman referred us to a safety guide published last year in response to the threat of these apps. She added that the new stalkerware is not an iPhone vulnerability that technology can fix if an abuser has access to a person’s device and passcode.
The fight against stalkerware is tough. You may not suspect it is there. Even if you do, it can be difficult to detect because antivirus software has only recently begun to flag these apps as malicious.
This is a guide to how stalkerware works, what to look out for, and what to do about it.
Types of stalkerware
Surveillance software has proliferated on computers for decades, but recently spyware makers have shifted their focus to mobile devices. Because mobile devices have access to more detailed data, such as photos, real-time location, phone conversations, and messages, the apps have become known as stalkerware.
Different stalkerware apps collect different kinds of information. Some record calls, log keystrokes, track locations, or upload a person’s photos to remote servers. But they all generally work the same way. An abuser who has access to the victim’s device installs the app on the phone and disguises it as regular software such as a calendar app.
From there, the app lurks in the background, and later the abuser retrieves the data. Information may be sent to the abuser’s email address or downloaded from a website. In other scenarios, an abuser who knows the partner’s passcode can simply unlock the device to open the stalkerware and view the recorded data.
So what should you do? The Coalition Against Stalkerware, which was founded by the Electronic Frontier Foundation and other groups, and many security companies have provided the following tips:
— Look for abnormal behavior on the device, like a battery that drains rapidly. This could be a giveaway that a stalker app is always running in the background.
— Scan your device. Some apps, such as Malwarebytes, Certo, NortonLifeLock, and Lookout, can detect stalkerware. However, to be thorough, take a closer look at your apps to see if anything is unfamiliar or suspicious. If you find stalkerware, pause before removing it. If you decide to report the abuse to law enforcement, it can be useful evidence.
— Ask for help. In addition to reporting stalking behavior to law enforcement agencies, you can seek advice from resources such as the Domestic Violence Hotline and the Safety Net Project sponsored by the National Network to End Domestic Violence.
— Audit your online accounts to check which apps and devices are connected to them. For example, on Twitter, click the “Security and account access” button in the settings menu to see which devices and apps can access your account. Log out of anything that looks shady.
— Change your passwords and passcode. It’s always safer to change passwords for important online accounts and avoid reusing passwords between sites. Try creating a long and complex password for each account. Similarly, make sure your passcode is hard for anyone to guess.
— Enable two-factor authentication. Use two-factor authentication for any online account that offers it. This basically requires two forms of verification of your identity before you can log in to your account. Suppose you enter your Facebook account username and password. That is step 1. Facebook then asks you to enter the temporary code generated by an authentication app. That is step 2. With this protection, even if an abuser uses stalkerware to find your password, the abuser will not be able to log in without that code.
— For iPhone, check your settings. According to mobile security firm Certo, a new stalker app, WebWatcher, uses a computer to wirelessly download a backup copy of the victim’s iPhone data. To protect yourself, open the Settings app and look in the “General” menu to see if iTunes Wi-Fi Sync is turned on. Disabling this will prevent WebWatcher from copying your data.
Apple said this is not considered an iPhone vulnerability because the attacker needs to be on the same Wi-Fi network and have physical access to the victim’s unlocked iPhone.
— Start anew. Buying a new phone, or erasing all data from your phone and starting anew, is the most effective way to get rid of stalkerware on your device.
— Update your software. Apple and Google regularly publish software updates that include security fixes that can remove stalkerware. Make sure you are running the latest software.
Brian X. Chen @ c.2021 The New York Times Company
The number of “stalkerware” apps is increasing rapidly. Protect yourself.