Stalkerware Detection

September 6, 2023

ID 240276

Some legitimate applications can be used by criminals to steal your personal data and spy on you. Most of these applications are useful, and many people benefit from using them. These applications include IRC clients, autodialers, file downloaders, system activity monitors, password management utilities, FTP, HTTP, or Telnet servers.

However, if criminals get access to these apps on your computer or manage to covertly deploy them there, they will be able to use some of the functionality to steal your personal data or commit other illegal actions.

You can read about different types of stalkerware below.

Types of stalkerware

| Type | Name | Description |
|---|---|---|
| Client-IRC | IRC clients | People install these apps to communicate with each other in Internet Relay Chats (IRC). Criminals can use these apps to spread malware. |
| Dialer | Autodialers | Can covertly establish phone connections over a modem. |
| Downloader | Downloaders | Can covertly download files from web pages. |
| Monitor | Monitor apps | Allow monitoring the activity of the computer on which they are installed (tracking which applications are running and how they are exchanging data with apps on other computers). |
| PSWTool | Password recovery tools | Enable users to see and recover forgotten passwords. Criminals secretly deploy these apps on people's computers for the same purpose. |
| RemoteAdmin | Remote administration tools | Widely used by system administrators to get access to remote computers' interfaces to monitor and control them. Criminals covertly deploy these apps on people's computers for the same purpose, to spy on remote computers and control them. Legitimate remote administration tools are different from backdoors (remote control Trojans). Backdoors can infiltrate a system and install themselves there on their own, without the user's permission, whereas legitimate apps do not have this functionality. |
| Server-FTP | FTP servers | Operate as FTP servers. Criminals can deploy them on your computer to open remote access to it using the FTP protocol. |
| Server-Proxy | Proxy servers | Operate as proxy servers. Criminals deploy them on a computer to use it for sending out spam. |
| Server-Telnet | Telnet servers | Operate as Telnet servers. Criminals deploy them on a computer to open remote access to it using the Telnet protocol. |
| Server-Web | Web servers | Operate as web servers. Criminals can deploy them on your computer to open remote access to it using the HTTP protocol. |
| RiskTool | Local tools | They give users additional capabilities for managing their computers (enabling them to hide files or active application windows, or to close active processes). |
| NetTool | Network tools | They give the users of computers on which they are installed additional capabilities for interacting with other computers on the network (restart remote computers, find open ports, launch applications installed on those computers). |
| Client-P2P | P2P network clients | Enable people to use P2P (Peer-to-Peer) networks. They can be used by criminals to spread malware. |
| Client-SMTP | SMTP clients | Can covertly send emails. Criminals deploy them on a computer to use it for sending out spam. |
| WebToolbar | Web toolbars | Add search engine toolbars to the interface of other apps. |
| FraudTool | Fraudware | Imitates other applications. For example, there is anti-virus fraudware that displays notifications about discovering malware on a computer, while it actually does not find, clean, or fix anything. |

If stalkerware protection is enabled, we will warn you of any attempts to access your location data, your messages, or other personal data.

You can enable stalkerware protection on the "Threats" tab of the application settings window by selecting the "Stalkerware and software that can be used by intruders to damage your computer or personal data" check box in the "Categories of objects to detect" section.
