On 9 February, the fourth season of the popular Netflix series, You, starts, with viewers tuning in once again to follow the exploits of Joe Goldberg, an obsessive young man going to extreme lengths to insert himself into the lives of those he is transfixed by. Although Joe has made viewers’ hearts beat faster since the show first aired in 2018, the romanticization of his behavior raises serious issues about the unacceptable problem of stalking – both online and offline – in our society.
A common form of digital stalking is so-called stalkerware, a commercially available software that can be discreetly installed on smartphone devices. Along with other technologies, stalkerware is often used in abusive relationships, enabling perpetrators to monitor an individual’s private life without their knowledge. Stalkerware has also been connected to other forms of violent behavior.
Stalkerware figures: 2022
According to Kaspersky, 29,312 people worldwide were affected by stalkerware in 2022. Cases in all countries show that stalkerware is a global phenomenon that is currently affecting all societies, with the Coalition Against Stalkerware estimating that the use of this form of software worldwide could be close to one million cases annually.
“It is important that we do not romanticize the behavior as seen in You, but instead denounce it for what it is— stalking. Regardless of whether it is happening online or digitally, stalking and stalkerware is a form of violence,” says Christina Jankowski, Senior External Relations Manager at Kaspersky.
“There are real-life stories behind the numbers of those affected which is why it is important to take active action against it. To gain a better understanding of stalkerware, Kaspersky is sharing insights with the global cyber community and aiding organizations in the fight against digital stalking. All relevant data and information on this issue must be shared for the benefit of those affected by cyber violence to further improve the level of detection and protection,” adds Jankowski.
“Stalking is a criminal, traumatic, and dangerous offense. Yet movies, TV, and music consistently present stalking as desirable, cute, sexy, and/or flattering – but in real life, it’s unwanted, terrifying, and illegal,” comments Karen Bentley, CEO at WESNET.
“As the peak body for Specialist Women’s Domestic and Family Violence Services in Australia, we work with many victim support organizations where survivors come to seek help with this problem. Hence, it’s so important to build the capacity of these organizations and educate the public that this type of behavior is unacceptable. To that end, we are pleased to be working with Kaspersky and all of the partners from the Coalition Against Stalkerware,” says Bentley.
Practical Help: Coalition Against Stalkerware and TinyCheck
In 2019, Kaspersky alongside nine other companies and organizations founded the Coalition Against Stalkerware, which today counts more than 40 members worldwide. The Coalition’s mission is to improve the detection of stalkerware, combat domestic violence, promote knowledge sharing among non-profit organizations and companies, and raise public awareness about the problem.
Kaspersky’s consumer security solutions protect against stalkerware, regularly scanning devices and displaying suitably clear warnings, including recommended actions if detected.
Furthermore, Kaspersky has developed the free open-source tool, TinyCheck, which enables the detection of stalkerware in a simple, fast, and non-invasive way on an affected device without alerting the perpetrator. TinyCheck is secure in its use by help organizations and it does not read the contents of an individual’s communications (such as SMS or emails). It only interacts with the online servers/IPs connected to the smart device. TinyCheck does not know whom an individual is communicating with or what is being said, and the network record of the analyzed device is not shared with either Kaspersky or third parties who receive this data. All analysis is carried out locally.
Kaspersky recommendations for those affected by stalkerware
- Reach out to a local support organization: to find one close to you, check the Coalition Against Stalkerware website www.stopstalkerware.org/. The website also includes an explanation video, which provides helpful information for victims to better recognize the warning signs of stalkerware and recommends further steps and behaviors to take or avoid.
- Do not try to erase the stalkerware, change any settings or tamper with your phone This may alert your potential perpetrator and lead to an escalation of the situation. You also risk erasing important data or evidence that could be used in a prosecution.
- Keep an eye out for warning signs including fast-draining battery due to unknown or suspicious apps using up their charge and newly-installed applications with suspicious access to use and track your location or with otherwise not logically explicable functions; inexplicable detailed knowledge of third parties.
- Check if your “unknown sources” setting is enabled, as this may be a sign that unwanted software has been installed from a third-party source. It is important to note that the above signs are only symptoms of possible stalkerware installation, not a definitive indication.
- Use a proven cybersecurity solution such as Kaspersky Free on Android. However, if there is a suspicion that a stalkerware is already running on the smartphone, this should only be done after a risk assessment of the person concerned – preferably together with a support organization – otherwise, the perpetrator might notice the newly deployed cybersecurity solution.
Kaspersky recommendations for protection against stalkerware on mobile devices
- Protect your phone with a strong password that you never share with your partner, friends or colleagues.
- Regularly check the permissions of installed apps: Stalkerware apps can be disguised under a fake app name.
- Delete apps that are rarely or never used.
- Check personal browsing history: In order to download stalkerware, the perpetrator must visit websites that the affected user probably does not know. Alternatively, there could be no history at all if the perpetrator has deleted it.
- Deploy a proven cybersecurity solution that protects against all types of mobile threats and checks the device regularly.