Kaspersky Small Office Security

Detection of stalkerware and other applications

October 3, 2023

ID 222844

Some legitimate applications can be used by criminals to steal your personal data and spy on you. Most of these applications are useful, and many people benefit from using them. These applications include IRC clients, autodialers, file downloaders, system activity monitors, password management utilities, FTP, HTTP, or Telnet servers.

However, if criminals get access to these apps on your computer or manage to covertly deploy them there, they will be able to use some of the functionality to steal your personal data or commit other illegal actions.

Below you will information about various types of software that criminals can use.

Type

Name

Description

Client-IRC

IRC clients

People install these apps to communicate with each other in Internet Relay Chats (IRC). Criminals can use these apps to spread malware.

Dialer

Autodialers

Allow covertly establishing phone connections over a modem. Criminals can use software of this type to make calls from the user's device, which can cause financial damage to the user.

Downloader

Downloaders

Allow covertly downloading files from web pages. Criminals can use such software to download malware to your computer.

Monitor

Monitor apps

Allow monitoring the activity of the computer on which they are installed (tracking which applications are running and how they are exchanging data with apps on other computers). Criminals can use these to spy on the user's device.

PSWTool

Password recovery tools

Enable users to see and recover forgotten passwords. Criminals secretly deploy these apps on people's computers for the same purpose.

RemoteAdmin

Remote administration tools

Widely used by system administrators to get access to remote computers’ interfaces to monitor and control them. Criminals covertly deploy these apps on people's computers for the same purpose, to spy on remote computers and control them.

Legitimate remote administration tools are different from backdoors (remote control Trojans). Backdoors can infiltrate a system and install themselves there on their own, without the user's permission, whereas legitimate apps do not have this functionality.

Server-FTP

FTP servers

Operate as FTP servers. Criminals can deploy them on your computer to open remote access to it using the FTP protocol.

Server-Proxy

Proxy servers

Operate as proxy servers. Criminals deploy them on a computer to use it for sending out spam.

Server-Telnet

Telnet servers

Operate as Telnet servers. Criminals deploy them on a computer to open remote access to it using the Telnet protocol.

Server-Web

Web servers

Operate as web servers. Criminals can deploy them on your computer to open remote access to it using the HTTP protocol.

RiskTool

Local tools

They give users additional capabilities for managing their computers (enabling them to hide files or active application windows, or to close active processes). This group includes miners that can be covertly installed and consume large amounts of computational resources. Criminals can use all actions described above to conceal malware installed on your device or make its detection harder.

NetTool

Network tools

They give the users of computers on which they are installed additional capabilities for interacting with other computers on the network (restart remote computers, find open ports, launch applications installed on those computers). All actions listed above can be used for malicious purposes.

Client-P2P

P2P network clients

Enable people to use P2P (Peer-to-Peer) networks. They can be used by criminals to spread malware.

Client-SMTP

SMTP clients

Can covertly send emails. Criminals deploy them on a computer to use it for sending out spam.

WebToolbar

Web toolbars

Add search engine toolbars to the interface of other apps. Often spread with the help of malware or adware.

You can enable protection from stalkerware and other applications that can be used by criminals, and we will warn you if we discover such applications.

To enable protection from stalkerware and other applications:

  1. Open the main application window.
  2. Click Settings button in the lower part of the main window.

    This opens the Settings window.

  3. Go to Security settingsExclusions and actions on object detection.
  4. In the Stalkerware and other applications section, select check boxes:
    • Detect stalkerware

      For protection from applications that help criminals gain access to your location, messages, or websites and social networks you visit.

    • Detect legitimate apps that intruders can use to damage your computer or personal data

      For protection from applications that criminals can use to download malware to your computer or use your computational resources for their nefarious purposes. Kaspersky Small Office Security does not detect remote administration applications that are considered as trusted.

If these check boxes are cleared, you may receive notifications about some applications from the table above because they are included in special categories and are processed by default regardless of application settings, for example: RemoteAdmin, PSWTool, Monitor.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.