The number of users infected with stalkerware went up by almost 40% in 2019, from 40,386 in 2018, to 67,500 this year, Russian antivirus maker Kaspersky said today in its yearly mobile malware threats report.
The number went up in 2019 despite the fact that Google set off on a concerted effort to remove all stalkerware-like apps from the Play Store at the end of 2018.
This shows that despite stalkerware apps not being available on the official Android app store, many abusers are now going to great lengths to side-load (install) these apps from unofficial sources, such as manually downloading the app from its website and secretly installing it on a victim's handset.
Kaspersky's numbers, however, don't go back years, so we don't have a full picture of how this ecosystem evolved.
The antivirus vendor only began detecting and marking stalkerware apps in the spring of 2018, after pressure from Eva Galperin, the Electronic Frontier Foundation's director of cybersecurity.
Other vendors followed in Kaspersky's footsteps, and most are now members of the Coalition Against Stalkerware, a multi-industry group specialized in fighting the harmful effects of this kind of apps.
The term stalkerware (also known as spouseware) refers to a certain type of apps, many of which also have legitimate use cases, but are also often abused to spy or stalk victims.
In a typical scenario, abusers install these "stalkerware" apps on the personal devices of their loved ones, such as wives, husbands, girlfriends, boyfriends, children, work colleagues, secret crushes, and so on.
Abusers use the apps and their capabilities to track loved ones' movements, read private conversations, retrieve recent photos, track web browsing history, see SMS and call history, and generally keep an eye on victims at all times.
In many cases, the use of stalkerware is often followed by physical or emotional abuse.
For a long time, these types of apps were considered a normal part of the app ecosystem and were accepted on the Play Store, despite containing pretty obvious spyware-like features.
Nowadays, most antivirus vendors detect apps from most known stalkerware devs and will show a clear warning when they're installed on a device.
The warning isn't just a generic malware alert, but a message that warns victims about the severe nature of a stalkerware detection and the danger the victim might be in.
Other findings from Kaspersky's yearly mobile malware report include:
- The number of detected adware installation packages almost doubled from 2018.
- Kaspersky researchers have detected a third attack employing the Android Accessibility service being used to steal banking credentials.
- For three consecutive years, Kaspersky says they've seen an overall decline in the number of mobile threats distributed as installation packages.
- Iran is the country with the most Android malware alerts. 60% of all of Kaspersky's Iranian users installed a malicious app on their phone in 2019.
- The HiddenAd adware family was 2019's most prevalent malware threat.
- In 2019, Kaspersky detected 68,362 Android apps infected with a mobile ransomware strain. Quarterly detections declined towards the end of 2019, suggesting Android ransomware is losing its popularity.