We’re going to talk about something different today. We’re
going to talk about domestic abuse.
Earlier this year, cybersecurity company Kaspersky Lab announced that the latest upgrade to its Android app would inform users about whether their devices were running stealthy, behind-the-scenes monitoring apps sometimes referred to as stalkerware.
This type of software can track unsuspecting victims’ locations, record phone calls, peer into text messages and emails, pry into locally-stored photos and videos, and rifle through web browsing activity, all while hidden from view.
Though often, and shamelessly, advertised as a tool for parents to track the activity of their children, these apps are commonly used against survivors of domestic abuse.
It serves as no surprise. Stalkerware coils around a
victim’s digital life, giving abusive partners what they crave: control.
Electronic Frontier Foundation Cybersecurity Director Eva
Galperin, who pushed Kaspersky Labs into improving its product, told
Motherboard at the time of the company’s announcement:
“I would really like to see other [antivirus] companies
follow suit, so that I can recommend them instead of just one company that has
shown that they are committed to doing this… I’d like to see this be the
industry standard so it doesn’t matter which product you’re downloading.”
Malwarebytes stands up to this commitment, as we have for years.
But starting today, we’re going to do more than improve our stalkerware detection capabilities. We’re going to help survivors understand this danger and know what to do if they’re being digitally tracked.
Finding proof of stalkerware
Stalkerware presents a unique detection problem for its victims—it often hides itself from public view, and any attempt to find it could be recorded by the stalkerware itself.
Further, the US government has done little to help. Despite a previous FBI investigation that led to the court-ordered shut down of the stalkerware app StealthGenie, countless other stalkerware apps still operate today.
According to a new study by the University of Toronto’s research and public policy project CitizenLab, the most popular stalkerware apps today in the US, Canada, and Australia are FlexiSpy, Highster Mobile, Hoverwatch, Mobistealth, mSpy, TeenSafe, TheTruthSpy, and Cerberus.
Malwarebytes Labs has previously written about the technological signs of stalkerware—quickly-depleting battery life, increased data usage, and longer response times than usual—but we wanted to explore what stalkerware looks like from a behavioral aspect. We spoke to multiple domestic abuse networks and advocacy groups, and one troubling fact arose repeatedly:
Symptoms of stalkerware are not proof of stalkerware.
Erica Olsen, director of the Safety Net project for the
National Network to End Domestic Violence, said her organization consistently
hears stories from domestic abuse survivors who are struggling to explain how
their partners know about their phone calls, text message conversations,
emails, and even visited locations.
“Survivors could come to law enforcement and say ‘My ex knows about the text messages I sent, and I don’t know how they know that,’” Olsen said. But, she said, the signs don’t always guarantee the use stalkerware.
“Could the [recipient] have just told [the ex]?” Olsen said.
In determining the presence of stalkerware, Olsen said survivors
should assess several factors:
- Does their abusive partner have physical access
to their device—a common situation for couples who live together?
- Does their abusive partner know the passcode to
unlock a device—another situation that depends on whether an abusive partner
even allows for that level of agency and freedom from their victim.
- Can their abusive partner view call logs on
their device, learning who was called, how often, and for how long?
- Does their abusive partner know the content
of phone calls?
- For domestic abuse survivors who have physically
escaped their abuser, do their abusers still know about recently-taken
photographs, locations visited, and any information that is typically locked
behind an account or device passcode?
Further, Olsen said that domestic abuse survivors should
study how the private information is being used by an abuser.
“Abusers will end up hinting at all the things they know
that they shouldn’t know,” Olsen said. “That is the most frequent thing we hear
from survivors, advocates, and law enforcement—the number one thing is
identifying that an abuser knows ways too much.”
Olsen continued: “They know text messages, emails, they have
access to accounts logged into via [the survivor’s] phone. That’s when we
immediately have to start talking to survivors about what they think is safe.”
While every safety plan is unique, and every domestic abuse
situation nuanced, Olsen offered one top-level piece of advice that applies to
all survivors: Trust yourself. You know the feeling of being watched and controlled—whether
through physical, emotional, mental, or digital means. You should trust those
feelings and never discount your own concerns.
The following ideas do not present a catch-all “solution” to finding stalkerware on a device. Instead, they present information that will hopefully guide survivors toward safety.
Evaluate your own level of safety
Determining what is safe for you is crucial. What you
discover in this process can impact what other steps you take after learning
about or suspecting the presence of stalkerware on your device.
Ask yourself several questions about what steps you can
- Do you have people you can ask for support?
- Can you communicate with those people from a safe, non-monitored device?
- Can you change your social media account passwords?
- Can you change your own device passcode?
- Are you allowed to have a device passcode?
- Can you install antivirus and anti-malware programs on your own device?
- What would be the consequences of your abusive partner discovering that you are trying to get rid of stalkerware?
- Do you want to bring in law enforcement?
If all this seems overwhelming, remember that the National Domestic Violence Hotline is there to help.
Your every move might be recorded
When determining your own level of safety, it’s important to
remember that everything you do on your compromised device could be recorded
and watched by an abusive partner. That means your web browsing activity, your
text messages, your emails, and all of your written correspondence could be far
Know what apps are on your phone and what permissions they’re allowed
Olsen advised that domestic abuse survivors know what apps
are on their devices at any given moment. While this guideline does not
reliably catch hidden stalkerware apps, it does give you an opportunity to
understand what other apps might have been installed on your device in an
attempt to surveil you.
Remember, abusive partners do not need stalkerware to victimize
and control their partners. Instead, Olsen said, abusers can rely on technology
“The vast majority of our work is in looking at misuses of
general technologies that have 100 different good uses, that are never intended
to be misused,” Olsen said. “The ownership [of abuse] is always on the abuser
for their behavior. If you remove technology, you’re still going to have an
Shaena Spoor, program assistant with W.O.M.A.N. Inc.,
offered a couple of examples of technology misuses that she has heard about.
“We had some concerns with Snap Maps,” Spoor said about the Snapchat feature rolled out in 2017 that let users find their friends’ locations. Every user that agreed to share their location had their locations updated with every app use.
“For some people, they didn’t realize that locations had
been [turned] on,” Spoor said. “If you don’t use the app very often, you’re
just sitting on a map, super findable.”
Spoor said she also heard of domestic abuse survivors whose locations were tracked through the use of the location-tracking product Tile. Though sold to legitimately track luggage, wallets, and purses, domestic abusers can also sneak the small plastic device into your jacket or work bag. When the abuser loads up the Tile app, they can then get a real-time result of that device, and thus, your location.
“People use Tile, for example, and hide them in survivor’s
stuff,” Spoor said. “[Survivors] are showing up at domestic violence shelters
and finding it hidden in a bag.”
Create new online account logins and passwords from a safe device
This one comes straight from the National Network to End Domestic Violence’s Technology Safety project. You should think about making new account logins and passwords.
As one of the the Technology Safety project’s many resource said:
“If you suspect that anyone abusive can access your email or
Instant Messaging (IM), consider creating additional email/IM accounts on a
safer computer. Do not create or check new email/IM accounts from a computer
that might be monitored.”
The Tech Safety resource also advises you to open new
accounts with no identifying information, like real names or nicknames. This
step should be considered for all important online accounts, including your
banking and social media accounts.
Always remember to do this from a safe computer that is not
Factory reset or toss your device
Multiple organizations recommended that any stalkerware victim take immediate steps to toss, or wipe clean, their current device. There are a few options:
- Toss your device and buy a new one
- Factory reset your device
- Keep your compromised device, but purchase a new
phone that you use for confidential conversations
Olsen advised that every situation has its own unique
challenges, and she urged domestic abuse survivors to consider the potential
outcomes of whatever option they choose. She said her organization works
closely with domestic abuse survivors to come up with the best plan for them.
“We think about the abuser, who no longer has remote access
to [the survivor]—they will try to get physical access, and that is a real
concern which absolutely could happen,” Olsen said. “If the survivor thinks
that [might happen], we try alternatives—buying a pay-as-you-go phone, use it
to have critical conversations, private ones, but still keep the regular phone
for silly things and to keep the [abuser] at bay.”
Chris Cox, founder of Operation Safe Escape, which works
directly with domestic abuse networks and shelters and law enforcement to
provide operational and cybersecurity support, echoed similar advice.
“What we always advise, consistently, if an abuser ever had
access to the device, leave it behind. Never touch it. Get a burner,” Cox said,
using the term “burner” to refer to a prepaid phone, purchased with cash. “You
have to assume the device and the accounts are compromised.”
Further, Cox cautioned against survivors trying to wipe
stalkerware from a device, as it could introduce a “new vulnerability” in which
an abuser learns—through the stalkerware itself—that their victim is trying to
thwart the abuser.
Instead, Cox said, “whenever possible, the device is left
Approach law enforcement
Working with the police is a step taken by survivors who
want to take legal action, whether that means eventually obtaining a
restraining order or bringing charges against their abuser.
Because of this step’s nuance, you should take caution.
Olsen said that, of the successful attempts she has learned
of survivors working with local police, the survivors already have a firm
safety plan in place, and they have built a relationship with domestic abuse
shelters and advocates. She said that, together with their support network,
survivors have managed to get confessions out of their abusers.
But, Olsen stressed, trying to get an abuser to admit to
their abusive and potentially criminal behavior is not a step to be
“I do not suggest doing this in isolation, but if they’re
working with advocates, I have heard of some survivors strategically
communicating with abusers,” Olsen said. “It is amazing how many times abusers
admit to [using stalkerware].”
Also, survivors should be wary of how police can be used against
them, said Cox.
“Abusers, as a whole, are adept at using the law as a
weapon,” Cox said. “If a phone belongs to a victim, and it happens to be in the
abuser’s name, if the victim leaves and the abuser reports it stolen, [law
enforcement] are used as a weapon to track the victim down.”
Call the National Domestic Violence Hotline
If you find stalkerware on your device, or you have strong
suspicions about an abusive partner knowing too much about your personal
life—with details from text messages and knowledge of private photos—call the
hotline from a safe device.
The number for the National Domestic Violence Hotline is 1−800−799−7233.
The hotline’s trained experts can help you find the safest
path forward, all while maintaining your confidentiality.
Seek help from various online resources
If you want to find more information online, from a safe device, read through any of these resources about dealing with domestic abuse, stalkerware, and the misuse of technology:
- The National Domestic Violence Hotline
- The Survivor Toolkit – National Network to End Domestic Violence
- “12 Tips on Cell Phone Safety and Privacy” – National Network to End Domestic Violence
- “What Are Survivors’ Options for Free Phones?” – National Network to End Domestic Violence
- “Who’s Spying on Your Computer?” – National Network to End Domestic Violence
Malwarebytes has also written a few articles on types of technology, malicious or not, that are often abused to their victims’ detriment. Awareness of what’s out there and how it can be used against you can help you stay safe:
- Spyware installed on Android devices to stalk domestic abuse victims
- IoT domestic abuse: What can we do to stop it?
- When spyware goes mainstream
- Mobile Menace Monday: beware of monitoring apps
And if you are able to install an anti-malware program on your mobile device, running a scan with Malwarebytes for Android can help you detect and remove stalkerware apps—as well as keep a log of which apps were installed on your phone, which is valuable information if you choose to work with law enforcement.
We’re here for you. We care. And we’ll always do what we can to help users have a safe online—and offline—experience with technology.
Stay tuned for our next article in our stalkerware series, which will explore which monitoring apps are safe for parents to use, and which should be avoided. Stay safe.
The post Helping survivors of domestic abuse: What to do when you find stalkerware appeared first on Malwarebytes Labs.
Refer Here for Original Post and Source https://blog.malwarebytes.com/stalkerware/2019/07/helping-survivors-of-domestic-abuse-what-to-do-when-you-find-stalkerware/