Detection of stalkerware and other applications
December 26, 2023
ID 222844
Some legitimate applications can be used by criminals to steal your personal data and spy on you. Most of these applications are useful, and many people benefit from using them. These applications include IRC clients, autodialers, file downloaders, system activity monitors, password management utilities, FTP, HTTP, or Telnet servers.
However, if criminals get access to these apps on your computer or manage to covertly deploy them there, they will be able to use some of the functionality to steal your personal data or commit other illegal actions.
Below you will information about various types of software that criminals can use.
Type | Name | Description |
|---|---|---|
Client-IRC | IRC clients | People install these apps to communicate with each other in Internet Relay Chats (IRC). Criminals can use these apps to spread malware. |
Dialer | Autodialers | Allow covertly establishing phone connections over a modem. Criminals can use software of this type to make calls from the user's device, which can cause financial damage to the user. |
Downloader | Downloaders | Allow covertly downloading files from web pages. Criminals can use such software to download malware to your computer. |
Monitor | Monitor apps | Allow monitoring the activity of the computer on which they are installed (tracking which applications are running and how they are exchanging data with apps on other computers). Criminals can use these to spy on the user's device. |
PSWTool | Password recovery tools | Enable users to see and recover forgotten passwords. Criminals secretly deploy these apps on people's computers for the same purpose. |
RemoteAdmin | Remote administration tools | Widely used by system administrators to get access to remote computers’ interfaces to monitor and control them. Criminals covertly deploy these apps on people's computers for the same purpose, to spy on remote computers and control them. Legitimate remote administration tools are different from backdoors (remote control Trojans). Backdoors can infiltrate a system and install themselves there on their own, without the user's permission, whereas legitimate apps do not have this functionality. |
Server-FTP | FTP servers | Operate as FTP servers. Criminals can deploy them on your computer to open remote access to it using the FTP protocol. |
Server-Proxy | Proxy servers | Operate as proxy servers. Criminals deploy them on a computer to use it for sending out spam. |
Server-Telnet | Telnet servers | Operate as Telnet servers. Criminals deploy them on a computer to open remote access to it using the Telnet protocol. |
Server-Web | Web servers | Operate as web servers. Criminals can deploy them on your computer to open remote access to it using the HTTP protocol. |
RiskTool | Local tools | They give users additional capabilities for managing their computers (enabling them to hide files or active application windows, or to close active processes). This group includes miners that can be covertly installed and consume large amounts of computational resources. Criminals can use all actions described above to conceal malware installed on your device or make its detection harder. |
NetTool | Network tools | They give the users of computers on which they are installed additional capabilities for interacting with other computers on the network (restart remote computers, find open ports, launch applications installed on those computers). All actions listed above can be used for malicious purposes. |
Client-P2P | P2P network clients | Enable people to use P2P (Peer-to-Peer) networks. They can be used by criminals to spread malware. |
Client-SMTP | SMTP clients | Can covertly send emails. Criminals deploy them on a computer to use it for sending out spam. |
WebToolbar | Web toolbars | Add search engine toolbars to the interface of other apps. Often spread with the help of malware or adware. |
You can enable protection from stalkerware and other applications that can be used by criminals, and we will warn you if we discover such applications.
To enable protection from stalkerware and other applications:
- Open the main application window.
- Click
in the lower part of the main window.This opens the Settings window.
- Go to Security settings → Exclusions and actions on object detection.
- In the Stalkerware and other applications section, select check boxes:
- Detect stalkerware
For protection from applications that help criminals gain access to your location, messages, or websites and social networks you visit.
- Detect legitimate apps that intruders can use to damage your computer or personal data
For protection from applications that criminals can use to download malware to your computer or use your computational resources for their nefarious purposes. Kaspersky application does not detect remote administration applications that are considered as trusted.
- Detect stalkerware
If these check boxes are cleared, you may receive notifications about some applications from the table above because they are included in special categories and are processed by default regardless of application settings, for example: RemoteAdmin, PSWTool, Monitor.