No one can assure you of your privacy while you are online. Prying eyes in the form of malicious software, called spyware, often follow your online activity to track your information. Spyware is one of the oldest forms of malware; it secretly spreads on your computer without your permission to initiate multiple malicious activities. Here we have all that you need to know about spyware: what it is, how you get it, how it is harmful, and how to deal with it. As in part 1 of this malware series, where we discussed Trojans, this article covers spyware and everything related to it.
What Is Spyware?
Spyware is a generic term for malicious software that infiltrates your device to steal sensitive information, often without your knowledge. The information gathered is passed to advertisers or external users for monetary benefit. It is sneaky because it asks for no permission and gets onto your computer without your knowledge. It may come attached to a legitimate program that you download without reading the fine print. In such cases, you inadvertently give the spyware permission to install itself on the system when you consent to the terms and conditions.
No matter how spyware gets on your system, it runs silently in the background and performs its task of monitoring your activities and gathering sensitive information to trigger malicious activity and make your system vulnerable. The malicious activities include tracking of personal email credentials, screenshots, keystrokes, internet usage information, bank transactions, authentication details, web data, and other personal details.
If you have ever been a victim of identity theft, then you are not alone. According to the Norton Cyber Security Insights Report Global Results, over 978 million people in 20 countries were affected by cybercrime in 2017.
The Darkhotel Attack
Kaspersky has identified a type of spyware attack carried out by a strong threat actor named Darkhotel, who daringly performed many successful attacks on high-profile individuals checking into elite hotels. The attacker employed methods and techniques which were beyond typical cybercriminal behavior. The Darkhotel actor was competent, with mathematical and crypto-analytical offensive capabilities. The capabilities and resources that the threat actor had were enough to abuse trusted commercial networks. Using existing resources, the actor could target specific victim categories with strategic precision.
The attack was initiated through the hotel's Wi-Fi connection. To connect to it, the guest submitted their surname and room number to the reception. At that point the attacker offered an update for legitimate software like Google, MSN, Facebook, etc. As soon as the guest opted to update the software, Darkhotel gained access to a set of tools like Firefox, Chrome, or Internet Explorer, collected data, and hunted for cached passwords and sensitive information. The threat actor also stole login credentials for the guests’ email accounts, social media accounts, etc.
Spyware is a real threat to individuals and businesses as it can steal sensitive data and harm your computer. It is one of the common threats and can easily spread across the network too. It works in the background so smartly that it is quite difficult to identify its presence.
Types of Spyware:
The attacker's intention defines the functionality of the spyware, and based on it, the spyware is developed as one of the following types:
Password Stealers: This type of spyware is designed to steal credentials stored in web browsers, login details, and critical information. The spyware either stores the passwords on the same system, as directed by the attacker, or transmits them to a remote server.
Adware: Some spyware tracks your browser history to understand the type of products or services you are interested in browsing. Accordingly, the adware displays advertisements to entice you to check out and make a purchase. It is often used for marketing, but adware is also likely to slow down your system.
System Monitors: This type of spyware monitors your system for keystrokes, chat-room dialogs, emails, history of websites visited, and other programs that you run. They are disguised as freeware and can capture almost everything you do on your computer.
Tracking Cookies: These cookies are meant for marketing purposes, to track the user’s web activities such as search history, download preferences, etc.
How do you get spyware?
Like other malware, spyware can infect your system through a virus, worm, trojan, etc. A few common techniques that spyware uses to infect your system are:
Spyware developers make their product appear to be a useful tool to download, such as a hard disk drive cleaner, download manager, or internet accelerator. This is a marketing gimmick to entice viewers to click on or download the program. Beware of such programs, as installing them invites an inadvertent spyware infection. Even if you later realize that it was “bait” and uninstall the program, the spyware is not deleted and continues to run in the background.
Make it a strict “no-no” to click on attachments or links on unfamiliar websites. Merely visiting such malicious websites, or performing any action on a pop-up window, causes the spyware to download in the background as a self-executable file. One wrong click in the browser may allow a suspicious program to install on your computer and make it vulnerable.
Mobile Phone Spyware
As mobile devices are now heavily used to access the internet, spyware on mobiles is commonly seen. Because of the smaller screen and limited visibility, spyware runs in the background without being noticed. Both Android and Mac devices become infected if you install any app that carries malicious code. Spyware developers can also secretly install malicious apps on the mobiles of unsuspecting victims they are stalking.
Freeware, trojans, viruses, worms, etc. also spread spyware in addition to their regular malicious functions.
History of Spyware
The term spyware dates back to 1996, when it appeared publicly in an industry article. Within three years, it became a hit in the mass media and among audiences. In the year 2000, the first anti-spyware application was also released. In a survey performed by America Online and the National Cyber-Security Alliance in 2004, it was observed that:
- 80% of internet users have their system infected by spyware.
- 89% of computer users were unaware of the existence of spyware.
- About 95% of the users confessed that they never granted permission to install the spyware.
Increasingly, the Windows operating system is the favorite target of spyware developers, as it is the most commonly used across the world. Mobile devices and now the Apple platform are of recent interest for spyware applications.
According to Juniper Research, cybersecurity breaches will result in the compromise of 146 billion records by 2023, and more than half of all the world's data breaches will occur in the U.S. by 2023.
What to do if you get infected?
Unless you are tech-savvy, you will not know when spyware infiltrates your device. But if you suspect that it might be present, you can clean the system and install anti-spyware software so that new passwords are not compromised. An aggressive spyware removal technology cleans up spyware from the disk and restores settings to their original state.
After you have performed the cleaning and followed other defensive measures, contact your financial institutions to warn them of potentially malicious activity. Also, report the incident to law enforcement agencies and make public disclosures based on the type of data compromised. If the compromised data is sensitive, like personal information, audio and video files, images, etc., you should report it to local law-enforcement authorities as a violation of federal and state laws.
Protecting yourself from spyware
‘Awareness’ is the best defense against spyware as well as against other types of malware. Follow these steps to defend yourself:
- Download files only from a trusted source
- Don’t access or open emails from unknown senders
- Before clicking on any link, place your mouse over the link to verify the website address
- Install a robust cybersecurity program to counter advanced spyware
- Install a cybersecurity program that provides real-time protection that blocks spyware and other threats before it is activated on your computer
There are many anti-malware products available in the market that block the delivery of spyware on your system. These products also block access to websites that host spyware and the programs that contain malicious code. Having such programs installed on the system is a preferred precautionary measure against a spyware attack.
Spyware is critical malware that works as a spy on your device. Now that we have learned about the hidden malware i.e., spyware, in our next article we shall be talking about the most dangerous of all malware attacks, ‘Ransomware’. Stay tuned!
Do you want to learn more about cybersecurity and malware like this? Join EC-Council University and earn a Bachelor of Science in Cybersecurity (BSCS). The two-year program is completely online, and it prepares students with the required knowledge of cybersecurity and assurance. More details about the program can be found on our BSCS page.
Sources:
- https://us.norton.com/internetsecurity-how-to-catch-spyware-before-it-snags-you.html
- https://www.kaspersky.com/blog/darkhotel-apt/6613/
- https://www.malwarebytes.com/spyware/
- https://www.businesswire.com/news/home/20180808005033/en/Juniper-Research-Cybersecurity-Breaches-Result-146-Billion