Spyware: Types, Working and Privacy Issues

Updated on: November 27, 2023

What is spyware?

The word spyware is a contraction of “spy software”. As the name suggests, spyware is software that, once installed on a system, gathers user data such as transactions, activity logs, personal data and sensitive information (credit card details, passwords, etc.) and sends it to the adversary who installed the software.

Types of spyware

Some of the common types of spyware are as follows[1]:

Keyloggers

A keylogger monitors the keystrokes on the keyboard and logs them in sequence. Everything a user types is therefore logged, leaking important information.

Cookies

A browser cookie is used for various purposes such as showing ads, keeping track of user preferences or instantly logging into websites. A special type of cookie, the web tracking cookie, acts as spyware in that it tracks the user’s browsing history, login attempts, etc. A skilled hacker can easily use these cookies to recreate user sessions, steal user data, hijack accounts, etc.

Red Shell Spyware

This spyware is specific to the gaming industry. When a user downloads certain PC games, this spyware is automatically installed on the player’s PC and tracks her activities to improve the gaming experience. Although this spyware is used for improving quality of service (QoS), it is still being used without the user’s knowledge.

Adware

Adware also downloads itself secretly on the user’s computer or mobile phone. Its main purpose is to spy on the user’s browsing history and show certain advertisements while browsing the internet. 

How does spyware attack your system?

Once installed, spyware often hides by disguising itself as legitimate software or piggybacking on other software installations. After it infiltrates the system, it executes covertly as a background process, tracking web browsing activity, accessing confidential files, recording keystrokes and capturing personal information.

Fig1: The progression of a typical spyware attack

How to protect your smartphone and computer from spyware?

  • Install an Anti-Spyware Tool: Anti-spyware tools detect and remove spyware.
  • Keep Software Updated: Spyware often exploits vulnerabilities in outdated software. Regular updates can patch these vulnerabilities.
  • Careful Download: Only download software or files from reputable sources. Unverified sources often bundle spyware with their downloads.
  • Attention to Installation Prompts: Pay close attention to the prompts during software installation to ensure you opt-out of any offers or toolbars. Such toolbars are a common source of spyware.
  • Learning and Training: Learn for yourself the common tactics used by cybercriminals to distribute spyware, and train those around you.
  • Secure Your Browsing: Use a secure browser; the well-known browsers on the market also work. Try to use encryption tools, and avoid suspicious websites.

How to detect spyware in your computer?

You can never be completely secure, so even after using numerous protective measures there is a chance that spyware is still snooping on your system. You can detect the presence of spyware on your system by monitoring the following Indicators of Compromise (IoCs):

  1. Unexpected System Behavior
    1. Unusual system slowdowns
    2. Random crashes or freezes
    3. Settings (like your homepage) unexpectedly altered
  2. Unauthorized Data Transmissions
    1. Unexpected spikes in data usage can hint at data being sent to a spyware controller.
    2. Monitoring network traffic can reveal data packets being sent to unknown or suspicious domains.
  3. New and Unknown Processes
    1. Unexpected processes running in the background.
    2. Unknown applications or services starting up with the system.
  4. Unusual Pop-Ups and Ads
    1. An influx of pop-up advertisements, even when not browsing the internet.
    2. Browser redirects to unfamiliar or malicious websites.
  5. Security Software Tampering
    1. Antivirus or firewall applications getting disabled without user action.
    2. Inability to access security-related websites or update security software.
  6. Unauthorized Account Activity
    1. Unexpected password reset emails or notifications of settings changes.
    2. Unfamiliar apps or devices connected to online accounts.   
  7. Disk Activity Spikes
    1. Constant or unexpected hard-drive activity even when not in use.
    2. Unexplained depletion of disk space.
  8. Browser Hijacks
    1. Unexpected toolbars, extensions, or plugins appear in your web browser.
    2. Attempts to reset your browser settings are unsuccessful, or they revert to the unwanted state.
  9. Suspicious Files and Directories
    1. Unfamiliar files or directories discovered on your system.
    2. Auto-executable (.exe) files in unexpected locations.
  10. Key Logging Symptoms
    1. Mysterious typing or mouse movements.
    2. Unintended input recognized, especially during sensitive operations like password input.
  11. Unauthorized Access to Clipboard
    1. Clipboard data (things you’ve copied or cut) pasted without your intervention, or data you didn’t copy being available for pasting.
  12. Mobile Device Indicators
    1. Sudden battery drain.
    2. Increase in mobile data usage.
    3. Unfamiliar applications or services installed.
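
As an added example (not part of the original article), the Python below applies IoCs 2 and 3 from the list above to per-process network flow records: it flags processes missing from a known-clean baseline, destinations a known process has never contacted, and outbound volume well above that process’s history. The process names, domains, byte counts and the three-standard-deviation threshold are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline: daily outbound bytes per process from a known-clean week.
BASELINE_BYTES = {
    "browser.exe": [48_000_000, 52_000_000, 50_000_000, 47_000_000, 53_000_000],
    "mailclient.exe": [4_000_000, 5_000_000, 4_500_000, 5_500_000, 5_000_000],
}
# Constructed baseline: domains each known process normally contacts.
BASELINE_DOMAINS = {
    "browser.exe": {"example.com", "example.org"},
    "mailclient.exe": {"mail.example.com"},
}

# Constructed flow records for the day under review: (process, domain, bytes_out).
FLOWS = [
    ("browser.exe", "example.com", 30_000_000),
    ("browser.exe", "example.org", 21_000_000),
    ("mailclient.exe", "mail.example.com", 4_800_000),
    ("mailclient.exe", "collector.example.net", 60_000_000),
    ("updsvc.exe", "telemetry.example.net", 2_000_000),
]

def review_flows(flows, base_bytes, base_domains, sigmas=3.0):
    """Return sorted (process, finding) pairs for IoCs 2 and 3."""
    findings = set()
    totals = defaultdict(int)
    for proc, domain, sent in flows:
        totals[proc] += sent
        if proc not in base_domains:
            findings.add((proc, "unknown process"))           # IoC 3
        elif domain not in base_domains[proc]:
            findings.add((proc, f"unknown domain {domain}"))  # IoC 2.2
    for proc, total in totals.items():
        history = base_bytes.get(proc)
        if not history:
            continue  # no byte baseline to compare against
        # IoC 2.1: today's total exceeds mean + sigmas * standard deviation.
        if total > mean(history) + sigmas * pstdev(history):
            findings.add((proc, "outbound data spike"))
    return sorted(findings)

if __name__ == "__main__":
    for proc, finding in review_flows(FLOWS, BASELINE_BYTES, BASELINE_DOMAINS):
        print(f"{proc}: {finding}")
```

A finding is a prompt to investigate, not proof of infection: a newly installed legitimate application will also appear as an unknown process until the baseline is refreshed.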

How to remove spyware from your smartphone and computer?

If you identify any of these IoCs, it’s essential to act promptly:

1. Device Isolation: Disconnect the affected device from networks to prevent further data exfiltration.

2. Malware Scan: Run a comprehensive malware scan. Use reputable security software to detect and eliminate threats.

3. Software Updates: Keep your operating systems (OS), browsers, plugins, and other applications up to date with the latest versions.

4. Change Passwords: Promptly change the passwords of all your accounts, especially for sensitive applications such as banking, social media and email.

5. Monitor Account Activity: Regularly check account activities and set up alerts for any critical activity or unauthorized actions. 

6. Expert consultation: If you are unsure about the spyware’s complete removal, it is better to seek help from a cybersecurity expert.

How is spyware different from data collection tools? 

The differences between the two are consent and intention. Spyware collects data without the user’s knowledge through illegitimate means, and the adversary uses the data for personal gain and causes harm. Legitimate data collection tools and processes collect data only after the user’s consent, by using standard procedures, and use the data to improve service quality or for other legitimate reasons [2]. For example, many websites track users’ activity for better customer support and to improve the quality of their services. Most of them add such practices to their privacy policies. However, users have no say in how their information is collected, processed, shared and disposed of.

Conclusion

Spyware is unregulated. Even with the so-called good spyware used for improving service, users cannot oversee how their data is collected and shared. As users, it is imperative for us to remain informed, vigilant, and proactive. The digital era offers immense opportunities, but it’s crucial to navigate it with an eye on security. By understanding spyware’s intricacies, we can better equip ourselves to face and counter this silent observer in our digital journeys.

Naresh Kumar
