What is Stalkerware?
Stalkerware is hidden software that enables users to spy on people through their devices and is often used to constrain the partner. According to Kaspersky, there is an 18% yearly rise in Stalkerware usage on mobile devices in the META region alone.
Stalkerware involves keystroke loggers, location monitoring apps, invasive email, text readers, and remote access features that can take command of your webcam and microphone.
How to identify your device is running Stalkerware?
Although spying apps try to obscure themselves, most reveal their presence in one way or another. Below are some essential items to observe on your device(s) to know the existence of Stalkerware.
- Mobile data is running out quicker than expected.
- The battery is dying faster than usual.
- The device turns on geolocation, Wi-Fi, or mobile internet even though you turned them off.
If you have most of these concerns on your device, please follow the below steps based on your device type to validate it further.
Apple — Read about iOS permissions on Apple’s website and ensure each app is configured correctly.
Andriod — Check which apps have access to Accessibility (Settings -> Accessibility). Accessibility is one of the most potentially unsafe permissions in Android. Accessibility person allows apps to snoop on other programs, alter settings and do many other things substitute as the user. That makes the permission very convenient for spyware. Give that kind of access to your antivirus utility, but nothing else.
TinyCheck — The next step in Stalkerware detection
TinyCheck is an open-source initiative from Kaspersky. This software allows you to easily capture network communications from a smartphone or any device associated with a Wi-Fi access point to analyse them quickly. TinyCheck can check if any suspicious or malicious communication is outgoing from a mobile device using heuristics or specific Indicators of Compromise (IoCs).
Of course, TinyCheck can also spot any malicious communications from cybercrime to state-sponsored implants. It allows the end-user to push the extended Indicators of Compromise via a backend to detect ghosts over the wire.
Image from TinyCheck Github
Steps to Make it Work
Before the TinyCheck installation, you need to have:
A Raspberry Pi with Raspberry Pi OS or any computer with a Debian-like system. Two functional Wi-Fi interfaces and a working internet connection. Then head to the TinyCheck GitHub page to download and follow installation instructions.
Once installed, the operating system will reboot, and you’re all set to use TinyCheck.
Post-installation, TinyCheck can be accessed from http://tinycheck.local, a tunnel that helps the user throughout network capture and reporting. It allows the user to set up a Wi-Fi connection to an existing Wi-Fi network, creates a transient Wi-Fi network, captures the communications, and shows a report to the user in less than one minute.
About the Author:
Vinoth is a cybersecurity professional by heart with over two decades of experience in Information Technology and Cybersecurity. He is an Australian Computer Society (ACS) Senior Certified Professional in Cybersecurity and holds various industry-leading cybersecurity credentials. Vinoth loves to write about the latest cybersecurity happenings and blockchain-related articles.
