Spyware: what is it and what does it do?

Cyber takes a look at spyware following recent reports that 50,000 international journalists, lawyers and rights activists were targeted following a leak.

Fifty thousand phone numbers of people believed to be of interest to clients of Israeli surveilance firm NSO have been leaked to major news outlets according to recent reports. The allegations about use of the software, known as Pegasus, were carried by the Washington Post, the Guardian, Le Monde and 14 other media organisations around the world, according to the BBC. 

It is not clear where the list came from or whose phones had actually been hacked and NSO denies any wrongdoing. It says the software is intended for use against criminals and terrorists and is made available only to military, law enforcement and intelligence agencies from countries with good human rights records.

In a statement, it said the original investigation which led to the reports, by Paris-based NGO Forbidden Stories and the human rights group Amnesty International, was "full of wrong assumptions and uncorroborated theories".

Pegasus infects iPhones and Android devices to enable operators to extract messages, photos and emails, record calls and secretly activate microphones. Forensic tests on a few phones with numbers on the list indicated more than half had traces of the spyware.

What is spyware?

According to cybersecurity giant Kaspersky, spyware is loosely defined as malicious software designed to enter your computer device, gather data about you, and forward it to a third-party without your consent. Spyware can also refer to legitimate software that monitors your data for commercial purposes like advertising. However, malicious spyware is explicitly used to profit from stolen data.

Whether legitimate or based in fraud, spyware’s surveillance activity leaves you open to data breaches and misuse of your private data. Spyware also affects network and device performance, slowing down daily user activities.

All spyware peeks into your data and all your computer activity, whether authorised or not. However, many trusted computer services and applications use 'spyware-like' tracking tools. As such, the spyware definition is reserved mostly for malicious applications nowadays.

Malicious spyware is a type of malware specifically installed without your informed consent. Step-by-step, spyware will take the following actions on your computer or mobile device:

Infiltrate - via an app install package, malicious website, or file attachment.

Monitor and capture data - via keystrokes, screen captures, and other tracking codes.

Send stolen data - to the spyware author, to be used directly or sold to other parties.

In short, spyware communicates personal, confidential information about you to an attacker.

The information gathered might be reported about your online browsing habits or purchases, but spyware code can also be modified to record more specific activities.

Data compromised by spyware often includes collecting confidential info such as:

  • Login credentials — passwords and usernames
  • Account PINs
  • Credit card numbers
  • Monitored keyboard strokes
  • Tracked browsing habits
  • Harvested email addresses

The methods by which spyware gets onto your computer and mobile devices can vary.


Featured Articles

Tech & AI LIVE: Key Events that are Vital for Cybersecurity

Connecting the world’s technology and AI leaders, Tech & AI LIVE returns in 2024, find out more on what’s to come in 2024

MWC Barcelona 2024: The Future is Connectivity

Discover the latest in global technology and connectivity at MWC Barcelona 2024, where industry giants converge to discuss 5G, AI and more industry trends

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

Technology & AI

Darktrace predicts AI deepfakes and cloud vulnerabilities

Cloud Security

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI