Spyware: Meaning, Detection and Removal

The Neeva Team on 09/30/21

In March 2021, an unidentified Saudi activist received a strange message on their iPhone, an image. But unlike a normal image, this one was invisible and allowed a piece of software to quietly creep onto the activist’s device, siphoning off their most sensitive communications, data, and passwords to servers around the world.

Spyware can collect everything from your browsing history, usernames and passwords, location, and financial information. It can even engage your camera and microphone, record your communications, and access your encrypted messages.

Six months later, Apple issued emergency software updates for a critical vulnerability after security researchers at Citizen Lab, a cybersecurity watchdog organization at the University of Toronto, discovered that without so much as a click the activist’s iPhone had been infected with highly invasive spyware called Pegasus, developed by NSO Group, an Israeli technology firm.

Using a method known as a zero-click remote exploit, Pegasus can, as a senior researcher at the Lab told The New York Times, “do everything an iPhone user can do on their device and more,” then send personal data back to its author. NSO Group claims that Pegasus is used only to “investigate terrorism and crime” and “leaves no traces whatsoever”, but as Amnesty International’s Security Lab Forensic Methodology Report shows, both of these statements are false.

Over 1.65 billion Apple products worldwide have been vulnerable to Pegasus since at least March 2021. Apple introduced new security defenses in the iOS 15 software update, which is now available. (Go to Settings > General > Software Update.)

The news may leave you wondering what spyware is, how to tell if you’re being spied on, and how to protect yourself against this pervasive form of malicious software—especially as your personal information becomes more entwined with your mobile device. You shouldn’t assume your personal data is secure.

What is spyware?

Spyware is a type of malware, an umbrella term for any kind of software designed to harm or exploit a programmable device, server, or network.

Spyware programs run in your system’s background. They observe your activity without your knowledge or permission, then send the data back to their authors. Spyware can collect everything from your browsing history, usernames and passwords, location, and financial information—and as Pegasus proves, it can even engage your camera and microphone, record your communications, and access your encrypted messages—more than enough to imitate your identity.

As Pegasus also shows, mobile devices—both iOS and Android devices—aren't immune to spyware. There are more than six billion smartphones worldwide today; cyber attackers are poised to take advantage of the growing mobile market and leverage their efforts. Think about it: your phone is a highly sophisticated handheld personal computer that follows you everywhere; it holds troves of valuable and intimate data; it takes pictures, records what you say, and tracks your every move. Now imagine these capabilities in the wrong hands.

The goal of spyware is to infiltrate your device, capture and send data, then remove itself, all while avoiding detection. In most cases, the spyware’s authors then leverage stolen data for money, although it may be used for other purposes, like surveillance. This means spyware is usually designed not to cause obvious system disruptions and other infection warning signs. Still, it’s possible to detect spyware if you know what you’re looking for. Unfortunately, it doesn’t come with a quick uninstall feature.

How to tell if someone is spying on you

Spyware is meant to stay hidden, but that doesn’t mean it’s completely undetectable. Here are a few telltales signs to look for on your device:

  • Poor system performance. While most spyware is designed to avoid detection, poorly designed versions can hamper your device’s performance by consuming a considerable amount of its resources. Spyware might be running in the background if you notice:
    • Your battery is draining quickly
    • Your device is running hot (even when you aren’t using it)
    • Your security programs are disabled
    • Issues with shutting down or random reboots
    • A sudden drop in processing speed or unwanted CPU activity
    • Lags when going between applications
    • High network traffic
    • Frequent crashing
  • Odd messages. Look out for unusual and unfamiliar incoming or outgoing messages, including text messages and emails, sometimes used by spyware to send and receive data. These are often coded and unreadable, and might be hidden commands from spyware.
  • Poorly functioning autocorrect. A type of spyware called a keylogger, which records your keystrokes, interferes with autocorrect.
  • Low screenshot quality. Malwarebytes reports that keyloggers might also  “subtly degrade smartphone screenshots to a noticeable degree.”
  • Unfamiliar Apps. Parental control apps, for instance, can be used for spying. Search your device for unknown apps and immediately remove those you don’t recognize.
  • Unwillingly jailbroken or rooted device. Jailbreaking an iOS device or rooting an Android device removes limitations and allows you to bypass official app stores to install unapproved apps. (It can expose you to security risks and isn’t recommended.) An unwillingly rooted or jailbroken device is a strong indication of suspicious activity. To see if your iOS device has been jailbroken, use an app called Cydia; to see if your Android device has been rooted, try Root Checker. When buying a second-hand phone, always restore it to factory settings.
  • Abnormally high mobile data usage. This might be a sight that spyware is sending and receiving data in the background. Check your data usage, including the data consumption of individual apps.
  • Strange activity in sleep mode. In sleep mode, your device should only light up or make a sound when you engage it, or when you receive messages or calls—and the screen should be off, not just darkened.

How do you get spyware?

Spyware usually makes its way onto your device by deceiving you or exploiting software vulnerabilities. Here are a few common ways this happens:

  • A zero-click remote exploit, used by Pegasus, is a new method of entry, and is especially dangerous. It seems to be able to circumvent built-in security features, such as Apple's BlastDoor, and requires no user interaction. As The New York Times reports, “It is considered the Holy Grail of surveillance because it allows governments, mercenaries and criminals to secretly break into someone’s device without tipping the victim off,” and “can turn on a user’s camera and microphone, record messages, texts, emails, calls.”
  • Security vulnerabilities. Your device’s hardware and software can be abused or exploited to gain access to your system. These vulnerabilities are sometimes referred to as bugs, exploits (normal, unintentional results of hardware and software manufacturing), or backdoors (intentionally installed once an attacker gains access).
  • Phishing and spoofing. Spyware is often obscured within normal-looking downloads and websites, waiting for you to let it in. Phishing and spoofing often work in tandem to make this happen; phishing is when an attacker gets you to perform an action like clicking a spyware-laden link, spoofing is when phishing emails and websites are disguised to look familiar, tricking you into trusting them. Once on the malicious web page, code attacks your browser, allowing spyware to force itself onto your device.
  • Misleading marketing and software bundles. Spyware can hide in plain sight. It can be advertised as useful software, such as a download manager or a disk cleaner, or can come bundled with desirable software, concealed as a necessary component, referred to as bundleware. While it might come without a warning, an infection often occurs when you agree to an add-on, extension, or plugin in the desirable program’s license agreement.
  • Trojans. Like the Greeks who concealed themselves in a wooden horse to enter Troy, , a trojan, in computing,  is a harmless-looking program designed to breach your device’s security in order to attack and infect it.
  • Through your mobile device. There is more and more mobile-specific spyware as mobile devices become increasingly ubiquitous. These infections typically occur in three ways: unsecured wi-fi, operating system (OS) flaws, and malicious apps—the last method being the most common. (Apple acknowledges that a “common way malware is distributed is by embedding it in a harmless-looking app.”) Regardless of your OS, stick to official app stores.

Types of spyware

The point of all spyware is to gather data for the benefit of its author, but there are different types of spyware with different functions, some more harmful than others:

  • System monitors track your device to capture browsing and search history, emails, and system credentials, among other data, sometimes by taking regular screenshots.
    • These include keyloggers that record your keystrokes, which can reveal personal information, like passwords or credit card details.
  • Stalkerware, sometimes called mobile spyware, monitors your mobile device activity, such as your calls, messages, emails, location, photos, and browsing history.
  • Password stealers, as the name implies, stealthily obtain passwords from infected devices, including stored credentials from web browsers and system login credentials.
  • Banking trojans harvest credentials from financial institutions, including brokerages, online financial portals, and digital wallets, often by taking advantage of browser security vulnerabilities.
  • Infostealers scan your device for all sorts of personal data—including passwords, usernames, email addresses, system information, browser history, log files, documents, and media files—and can then use it for identity theft.
  • Adware can monitor your activity to serve malicious ads or sell your data to advertisers.
  • Tracking cookies are small amounts of data stored on your device, created by and read by website servers in order to follow you across the web.

How do I remove spyware?

Here are few steps you can take, in this order, if you suspect you’re being spied on:

1. Use security software

Security software, sometimes called antivirus or anti-malware software, is designed to prevent, scan for, detect, and remove malware, including spyware, from your device. Once installed, most software runs automatically in the background, searching for known threats and flagging programs that behave suspiciously.

For the best results, install tested software from an established, reputable provider. Once on your device, run the software’s scanner to see if it detects any threats. If so, the software either deletes the problem file or holds it in a quarantined area where it can’t infect your system, and from which you can then restore or remove it yourself.

iOS users should note that, due to its (once) secure reputation, iOS is the only major OS with no security software options available. (It’s said to be nearly impossible to write a security program that runs on iOS.) Unfortunately, iOS may no longer be the exception to the rule. For now, if you think your iOS device is infected, proceed to the following steps.

2. Remove the problem app manually

If you think you picked up spyware through a malicious app, restart your device in safe mode, search your apps for suspicious or unknown apps, and delete them, making sure to also remove all associate files. Then, restart your device.

This goes for mobile devices especially: Remember, mobile spyware infections commonly occur through malicious apps.

3. Update your OS

If there’s an update available for your OS, install it. This can break the spyware, although it may not necessarily remove it, so consider other approaches in conjunction.

Updating your mobile OS reverses jailbreaking or rooting and removes unauthorized apps, both common ways spyware infects devices.

4. Do a factory reset

Regardless of your device, a factory reset is the most effective way to remove spyware—it’s unfortunately also the most destructive. Resetting your device deletes all of its data and third-party apps, and restores it to factory settings, meaning it also reverses jailbreaking or rooting.

Back up your data first, and don’t reinstall the same apps without knowing whether they carried spyware. If you can restore your data from a backup, be sure it predates the spyware—you might otherwise find yourself back where you started.

How do I protect myself against spyware?

Ideally, spyware never makes it to your device in the first place. As with most malware, the best defense starts with you. Here are a few ways to keep prying eyes at bay:

  • Keep your software up to date. It’s easy and effective. Developers are constantly improving your OS’s security by fixing flaws and bugs, making it hard for spyware to capitalize on vulnerabilities.
    • If you have an apple device, update your iOS. Apple introduced new security defenses in the iOS 15 software update, which is now available. To install it go to Settings > General > Software Update.
  • Only let people you trust use your device. This might seem obvious, but it works. Anyone with physical access to your device can install spyware. Lock it with a strong password, PIN, or fingerprint, and make sure your authentication is required to install apps.
  • Only install apps from trustworthy publishers. Avoid downloading software from unreliable websites or peer-to-peer networks. The same goes for mobile apps, which should come from the Google Play Store or Apple App Store. Read through reviews before installing, manage app permissions, and regularly uninstall unused apps.
  • Be cautious with incoming links and downloads. The simplest way for an attacker to remotely install spyware is to persuade you to accidentally install it. Don’t follow links in text messages, and avoid email links and attachments if you can. If you aren’t sure where a link might lead you, hover over it before clicking to see the URL.
  • Use reputable security software. Although most OSs offer some form of built-in protection—and while no one app, built-in or third-party, free or paid, is universally effective against all threats—security software is usually necessary. It should be tested, should always come from a reputable provider, and only from their website, an official app store, or a retail store.
  • Set up new passwords. If you’ve been infected with spyware, your login details could have been compromised. To be sure your device and accounts are now secure, change your passwords.

Ready to protect your privacy online and use products that benefit you, not scammers and advertisers? Try Neeva, the world’s first private, ad-free search engine. We will never sell or share your data with anyone, especially advertisers, and we are committed to showing you the best results for every search. Try Neeva for yourself, at neeva.com.