Stalkerware and its security risks to enterprises
- Stalkerware apps can snoop and track one’s location, record audio through the phone’s microphone, record web browsing activity, and record keystroke.
- Some perfectly legitimate, useful and necessary apps can be turned into Stalkerware if they are abused.
Stalkerware apps are considered a major threat as they can extract various sensitive data of an individual or an enterprise without their consent or knowledge. These apps can snoop and track one’s location, record audio through the phone’s microphone, copy and transmit text messages, send call logs, record web browsing activity, record keystroke and more.
With so many spying capabilities included in such apps, Stalkerware can be also a major threat to enterprises.
Types of Stalkerware apps
Stalkerware apps fall in different categories:
- Some perfectly legitimate, useful and necessary apps can be turned into Stalkerware if they are abused. For example, by gaining physical access to a smartphone, threat actors can change all apps on a user’s smartphone into spy apps. Later, these apps can be used to share the location, steal emails and text messages from the victim’s device.
- Some legitimate apps designed to monitor the behavior and activities of kids can be abused by stalkers for spying on adults.
- Some of these apps require that the phone be jailbroken and a victim may be unknowingly using a jailbroken phone without knowing a breach has occurred.
Stalkerware poses a threat for enterprises
Stalkerware tools can have various impacts on an organization:
- The first is directly spying on a company.
- A malicious actor can their hands on the smartphone of someone in the organization who is responsible for handling sensitive company information. This can later allow them to monitor communications, capture keystrokes and listen to meetings and conversations.
- After the data is harvested the shady app, attackers can either put it on sale on the dark web or use it directly for industrial espionage. The compromised data can also be used as fodder for social engineering.
Combating Stalkerware threat
One essential tactic to protect a business against Stalkerware threat is monitoring outside connections. In addition, employees should be advised to:
- Not leave their smartphones unattended;
- Always delete unused apps;
- Periodically search for suspicious apps and activity on phones;
- Use a good strong password manager and never share passwords with anyone.