The anti-virus industry has teamed up with victim support groups in a new anti-stalkerware alliance focused on shutting down the malicious surveillance apps.
The Coalition Against Stalkerware features Kaspersky, Norton, Avira, G Data and Malwarebytes alongside the Electronic Frontier Foundation (EFF), the National Network to End Domestic Violence, Operation: Safe Escape and other domestic violence groups.
Its focus will be on providing support for victims of stalkerware, educating consumers about how it works and how to remove it, developing best practices for ethical software development, and encouraging AV vendors to build detections into their products.
The first stage of this work was to create a proper definition of the malicious software category, distinguishing it from legitimate surveillance software. Stalkerware is a type of monitoring tool downloaded secretly to a victim’s device, where it spies on their communications, location, photos and web browsing.
“This malicious software is being marketed as a way to check if your partner is cheating on you, or monitor teens and children, but the truth is spyware is explicitly marketed to stalkers and bad actors,” said EFF cybersecurity director Eva Galperin. “The apps have made it all too easy for domestic abusers and violent ex-partners to intimidate, threaten, and invade safe spaces of their targets, who are at risk of physical abuse.”
Available mainly via dedicated websites, stalkerware is not usually found on app stores, although it can slip through the filters and make its way onto Google Play and other marketplaces.
Still, the most recent figures from Kaspersky revealed the number of its users with stalkerware on their devices rose by 35%, from 27,798 in 2018 to 37,532 so far in 2019.
“Our cell phones contain intensely private information, and having full access to them is like having full access to our minds,” concluded Galperin.
“We want to see these apps disabled, disrupt development of new ones, and have stalkerware operators and abusers prosecuted and even jailed for illegally accessing and collecting highly personal, private digital information.”