What is spyware?
Is spyware spying on you? What can you do about it?


Nicholas Fearn
Spyware refers to any software that can be used to track or spy on your activity on a computer, mobile, tablet, or any other digital device.
Often, the term applies to malware that is installed on a computer with malicious intent to watch a user's actions and replicate them in order to steal data or other information about that user. Whether it's the original hacker's intent or not, once a criminal has gained access via spyware, they are able to track anyone's actions on the computer - not just the owner's.
It's normally installed on a device without the user knowing, and once it's running, the user is unlikely to notice anything different happening on their machine or mobile.
Using spyware, hackers can track keystrokes, the websites someone has visited, as well as usernames and passwords for those websites. Other sensitive information a user enters into fields, such as payment details, might also be tracked, with malicious actors aiming to breach accounts and carry out other fraudulent activities.
One of the reasons spyware can be such a problem is that it not only gives criminals a way into your computer and the opportunity to steal data, but can also significantly slow the computer down as it tracks everything you do.
Spyware can also be used to redirect web searches to questionable websites (used for phishing, for example), and change the settings of your computer, throttling bandwidth, memory and other processor tasks in the meantime.
There are times when software that acts like spyware is installed for reasons that are not just criminal. Organisations may install tracking software on corporate-owned hardware to track an employee's browsing habits. Parents may also use similar software to spy on their kids' online activity.
Spyware types
Spyware comes in many forms, from adware to keyloggers. Here are some of the most common types and how they work.
Adware
Cyber criminals use adware to spam users with unwanted adverts on their computers, smartphones, and tablets, allowing for the monitoring of users’ browsing activity and the selling of this data to advertisers. Adware is often embedded inside free apps, landing on a user’s device potentially without their knowledge, although software vulnerabilities can also be exploited to achieve the same result.
Keyloggers
With keylogging software, hackers can monitor every keystroke a user makes on their device. Collecting this information allows them to access usernames, passwords, text messages, emails, and other private information that is typed by the victim. Typically, keyloggers will appear in the form of software that hides on a user’s machine and swipes information as it is entered with a keyboard, although they can appear as hardware-based devices inserted into the USB port. Information collected is usually stored in a file and later transmitted to a malicious actor.
Rootkits
Rootkits are software programs that allow cyber criminals to gain control over a victim's computer without their knowledge. As the name suggests, rootkits are collections of tools (kits) that allow hackers to take over the admin (or root) account on a system. This means they can prove incredibly dangerous - the admin access allows hackers to disable programs, delete files, execute malicious software, record user activity, and exfiltrate data. The elevated privileges also allow for persistence, making it difficult to completely remove the infection.
Infostealer
As you can probably guess from the name, infostealers are used to log confidential information such as usernames, passwords, and web cookies before sending it back to the hacker. When cyber criminals get hold of this information, they may list it for sale on the dark web in order to make a profit.
System monitors
These are software programs that allow cyber criminals to monitor all user activity on a compromised device, including the websites and apps people access, emails sent and received, and lots more. They typically capture this information by logging keystrokes and taking screenshots in real time.
Examples of spyware
New spyware campaigns are constantly emerging, with one of the most recent being dubbed CapraRAT by security researchers at SentinelOne. This spyware mainly comes in the form of curated video browsing applications for Android devices. Researchers warned in July that the group had started targeting mobile gamers, weapons enthusiasts, and social media users with four new malicious apps.
In 2023, a spyware campaign dubbed Operation Triangulation was found on the iPhones of a number of people working for cyber security giant Kaspersky. The spyware is believed to have been spread through iMessage, in the hope of stealing sensitive information stored on victims’ iPhones. Apple has since issued a security update for this zero-day flaw.
Mayur Upadhyaya — CEO of API security firm APIContext — warns that spyware campaigns like CapraRAT and Operation Triangulation present a “persistent threat” to users.
“From annoying adware to dangerous keyloggers, rootkits, and info-stealers, spyware's diverse forms pose significant risks,” he says. “The rise of spyware, particularly targeting APIs, highlights the need for vigilance.”
How to protect a business against spyware
When it comes to preventing spyware, an effective method is to improve security protections on each endpoint. The installation of antivirus and antimalware tools will help prevent initial infections, while constant monitoring in the form of endpoint detection and response (EDR) will allow admins to spot and shut down malicious activity.
Because spyware is often present in free apps and software, the enforcement of application policies that block certain third-party app stores, and the creation of approved app lists, will help eliminate possible routes for malicious apps.
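As an added illustration (not part of the original article), the following Python sketch audits an Android app inventory against an approved app list and an approved set of app stores. The policy values and package names are assumptions, and the sample inventory is constructed in the format printed by `adb shell pm list packages -i`.

```python
import re

# Assumed policy values for illustration (not from the article).
APPROVED_INSTALLERS = {"com.android.vending"}  # allow Google Play only
APPROVED_PACKAGES = {"com.android.chrome", "com.example.corpmail"}

# Constructed sample, modelled on `adb shell pm list packages -i` output.
SAMPLE_INVENTORY = """\
package:com.android.chrome  installer=com.android.vending
package:com.example.corpmail  installer=com.android.vending
package:com.example.videoplayer  installer=null
package:com.example.freegame  installer=com.example.altstore
package:com.example.notes  installer=com.android.vending
"""

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")


def parse_inventory(text):
    """Yield (package, installer) pairs; installer is None when none is recorded."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised inventory line: {raw!r}")
        installer = m.group("installer")
        yield m.group("pkg"), (None if installer == "null" else installer)


def audit(text, approved_packages=APPROVED_PACKAGES,
          approved_installers=APPROVED_INSTALLERS):
    """Return {package: [reasons]} for every app that violates the policy."""
    findings = {}
    for pkg, installer in parse_inventory(text):
        reasons = []
        if installer is None:
            reasons.append("sideloaded (no installer recorded)")
        elif installer not in approved_installers:
            reasons.append(f"installed by unapproved store {installer}")
        if pkg not in approved_packages:
            reasons.append("not on approved app list")
        if reasons:
            findings[pkg] = reasons
    return findings


if __name__ == "__main__":
    for pkg, reasons in audit(SAMPLE_INVENTORY).items():
        print(f"{pkg}: {'; '.join(reasons)}")
```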
Software vulnerabilities also provide a means for cyber criminals to install spyware on compromised devices, so you should regularly perform software and security updates. A robust password policy, installing firewalls and virtual private networks, checking app permissions, and security awareness training that covers the dangers of clicking links or attachments in emails are just a few examples of additional measures you can take to limit the spread of spyware.
While many spyware variants can be prevented through good cyber hygiene, some are more difficult to mitigate. David Ruiz, senior privacy advocate at cyber security firm Malwarebytes, uses Pegasus, the spyware created by Israeli cyber intelligence company NSO Group, as an example of spyware that currently lacks a “known defense”.
He tells ITPro: “Deployed wantonly by dictatorships and abusive governments, Pegasus is difficult to detect even when it is on a device, and past victims who have worked with Amnesty International and Citizen Lab were forced to simply start over anew when learning that their devices were compromised.”

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.