Tech

Kaspersky Lab Will Now Alert Users to 'Stalkerware' Used In Domestic Abuse

Antivirus company Kaspersky Lab announced that its Android security product will now mark all stalkerware apps as malware, prompting users to delete them.
A person holds a cellphone in their hand.
Image: Shutterstock

Tens of thousands of people all over the world have been spied on with malware sold to consumers for less than $100, as Motherboard has shown over the years. In some of these cases, the hackers are the victim’s spouses or intimate partners, making this one of the most dangerous forms of hacking as it enabled domestic abuse.

Now, Kaspersky Lab, one of the largest antivirus companies in the world, is doing something about it.

Advertisement

The company announced on Wednesday that its Android security product will start alerting users that their phones have this kind of malware—sometimes called stalkerware or spouseware—installed on their phones.

Kaspersky Lab Stalkerware Alert

A screenshot of Kaspersky Lab’s alert to people targeted with stalkerware. (Image: Kaspersky Lab)

“We decided to review how our own products treat such software. As a result, we now flag commercial spyware with a specific alert which warns users of the dangers stalkerware poses,” Alexey Firsh, a security researcher at Kaspersky Lab said in a press release. “We believe users have a right to know if such a program is installed on their device.”

A study by researchers from New York University and Cornell University last year showed that most antivirus products are ineffective at detecting stalkerware as malware. This is perhaps because—in theory—these apps can be used legally by parents monitoring their kids or employers keeping an eye on their employers on company-issued devices.

Got a tip? You can contact this reporter securely on Signal at +1 917 257 1382, OTR chat at lorenzofb@jabber.ccc.de, or email lorenzofb@motherboard.tv

Kaspersky Lab said that it detected stalkerware on 58,487 cell phones in 2018. This is likely just a portion of the total number of people who have been targeted with stalkerware, given that Kaspersky Lab’s antivirus is installed only on a fraction of Android devices. In 2017, hackers breached stalkerware companies FlexiSpy and Retina-X, sharing the stolen data with Motherboard. In those two cases, the data showed that those apps were installed on 130,000 cell phones.

The company’s new alert came after some lobbying from Eva Galperin, the head of cybersecurity at the Electronic Frontier Foundation, as she told Motherboard. Galperin has studied stalkerware and helped domestic abuse victims and human rights activists for years. She hopes Kaspersky Lab’s new policy can push other companies to follow suit.

“I would really like to see other [antivirus] companies follow suit, so that I can recommend them instead of just one company that has shown that they are committed to doing this,” Galperin told Motherboard in a phone call last week. “I’d like to see this be the industry standard so it doesn't matter which product you're downloading.”

Listen to CYBER, Motherboard’s new weekly podcast about hacking and cybersecurity.