Redwood City, CA - July 8, 2020 – Avast (LSE:AVST), a global leader in digital security and privacy products, has found that there has been a 51% increase in the use of spy- and stalkerware since the lockdown in March until June in comparison to January and February 2020. In the US, since March, Avast has protected over 3,500 users from apps capable of spying, mostly stalkerware, with the monthly average up 62% vs. the first two months of the year. Stalkerware is unethical software that allows people to track someone's location, access their personal photos and videos, intercept emails, texts and app communications such as WhatsApp and Facebook, as well as eavesdrop on phone calls and make covert recordings of conversations over the internet, without the target's knowledge or consent.
This growing digital threat identified by Avast is set against a backdrop of an increase in domestic violence during lockdown, called a “shadow epidemic” of the coronavirus by Phumzile Mlambo-Ngcuka, Executive Director of UN Women.
Researchers in the US recently published an academic study examining the impact of the COVID-19 crisis on police calls for service for domestic violence. According to the report, the pandemic and accompanying public health response led to a 10.2 percent increase in domestic violence calls. The increase in reported domestic violence incidents began before official stay-at-home orders were put into place, is not driven by any particular demographic group, but does appear to be driven by households without a prior history of domestic violence. ¹
The increase in connected devices and the availability of stealthy spy- and stalkerware apps are another way for abusers to exert control over their victims who have been unable to leave their home due to coronavirus preventative measures, according to Erica Olsen, Safety Net project director for the National Network to end Domestic Violence (NNEDV), a social change organization dedicated to creating a social, political, and economic environment in which violence against women no longer exists.
“Stalkerware, which is designed to operate in stealth mode with no persistent notification to the user of the device, gives abusers and stalkers a robust and invasive tool to perpetrate harassment, monitoring, stalking, and abuse,” said Olsen. “This can be terrifying and traumatizing for the person. It also raises significant safety risks when the products allow the abusive person to track and locate the victim without their consent or knowledge. During this public health crisis, there have been several reports documenting the increased detection of stalkerware, which could be indicative of increased access to personal devices during lockdown or stay-at-home orders. It could also be reflective of an abuser increasing or changing their tactic if the victim is now actually out of the house more often, if they are an essential worker in healthcare, for example.
Jaya Baloo, CISO, Avast said, “Stalkerware is a growing category of domestic malware with disturbing and dangerous implications. While spyware and infostealers seek to steal personal data, stalkerware is different: it steals the physical and online freedom of the victim. Usually installed secretly on mobile phones by abusive spouses, ex-partners, so-called friends, and even concerned parents, stalkerware tracks the physical location of the victim, monitors sites visited on the internet, text messages and phone calls, undermining a person’s individual liberty and online freedom.”
“Across the globe, it’s been reported that the number of domestic violence cases have consistently increased during lockdown, and that tallies with what we’re seeing in this digital threat. We’re committed to doing all that we can to protect our users from this rising threat.”
It’s notable that among the entire range of spy- and stalkerware, Avast has also observed a number of COVID-19-related apps designed to spy on users, which collected more information about its users than required to function.
This increase in spy- and stalkerware since March 2020 is not just limited to the US; Avast has protected over 43,000 users from such malware across the globe. Country specific data indicates 3,531 users have been targeted in the United States, 3,332 in India, and 3,048 in Brazil.
In order to mitigate against the threat of stalkerware, the Avast team have provided some simple, actionable steps:
Rule #1: Secure your phone against all unauthorised physical access.
Smartphones are often left unprotected by their users. According to Pew Research, over a quarter of mobile users have no lock-screen protection on their smartphones whatsoever, and just over half use neither thumbprints nor PIN codes to keep their devices private. This makes it simple for a an abusive partner to secretly install stalkerware without being noticed. Equally, do not lend your unlocked phone to anyone unless you fully trust their intentions.It can take less than a minute to install a stalkerware app on a device.
Rule #2: Install a good, mainstream antivirus product on your mobile phone.
A good mobile antivirus will treat stalkerware as a PUP – a potentially unwanted programme – and give you the option to remove it. A mobile security product such as Avast Mobile Security will keep your mobile device secure from stalkerware in addition to other malware and potentially malicious apps. Avast worked with Google to remove eight of the biggest stalking apps from the Play Store last year. We are continuing this work as new developments in stalkerware arise, helping to keep users and devices one step ahead of the threats.
Rule #3: Look for hotlines and victims’ services providers.
However, if you don’t feel safe, trust your instincts. If you need to source help and support fast – you should not hesitate to seek it. Organizations such as Operation Safe Escape can help.
Operation Safe Escape is a victim support organisation that provides valuable support and education for victims of domestic violence and abuse, and can help with issues of personal, physical and digital safety. If it’s possible your device has been compromised by stalkerware, avoid using it to contact support. If you are able, use an anonymous device such as a library computer or a friend’s phone in order to avoid alerting the stalker.
¹ Leslie, Emily and Wilson, Riley, Sheltering in Place and Domestic Violence: Evidence from Calls for Service during COVID-19 (May 14, 2020). Available at SSRN: https://ssrn.com/abstract=3600646 or http://dx.doi.org/10.2139/ssrn.3600646