Spyware Definition – What Is Spyware?

Spyware is a type of malware that is secretly installed on a device to covertly collect users’ data, ranging from browsing history and personally identifiable information to sets of credentials, banking details, and the email addresses on the contact list of the victim’s email client. These data can then be transmitted to a threat actor, who can use them to craft phishing and spoofing attacks on the individual or organization, or use the victim’s personally identifiable information to carry out identity theft scams.

What are the Different Types of Spyware?

There are many different types of spyware based on how they operate on the host system. Some will modify the designed behavior of an application, while others will send data to the attacker’s servers. Most spyware could be included in one of two broad categories: system monitors and adware.

System monitors

This type of spyware collects data from the host computer and logs the victim’s usage of the device. These data are then sent to the control center servers of the threat actor. Data collected by a system monitor may include email addresses on the victim’s contacts list or lists of visited websites. Keyloggers, for example, record the victim’s keystrokes to capture credentials, banking, or personal information as the user types them on the keyboard. System monitors may include the ability to capture the position of the mouse pointer and clicks, take screenshots, or record video and audio using the built-in devices on the system. Examples of this type of spyware for computers are Olympic Vision and Zlob, which will install on the victim’s computer to record clipboard contents and browsing history. An example of this type of spyware for mobile devices is the infamous Pegasus. This spyware was used by threat actors to spy on politicians and journalists worldwide.

Adware

This type of spyware displays unsolicited advertisements based on the victim’s web browsing habits and visited sites. These data might be transferred to the command-and-control center of the threat actor. Browser hijackers are a type of adware that modifies the victim’s browser settings in order to alter the functionality set by the user. For instance, a browser hijacker might change the browser’s start page or redirect searches to sites configured by the attacker. Browser hijackers are usually third-party extensions of the web browser, but they might also modify Windows registry keys or proxy settings. Examples of adware are Gator and 180 Solutions. These adware programs would get installed without the users’ consent and display ads based on browsing habits. CoolWebSearch was a browser hijacker that would redirect traffic to websites different from those requested by the user.

How Does Spyware Work

The functioning of spyware can be divided into three stages: delivery, installation, and control and command.

Delivery

The delivery stage refers to how the payload is sent to the victim’s device. The delivery method can be tailored to the target type of device. A common method to deliver the payload is by email. Threat actors will send phishing and spoofing emails to victims containing a URL to the payload. The payload will be downloaded and installed on the victim’s device after following the link. Another method of delivering the payload is by bundling it with other software. The user will download and install a software package that will install the spyware on their computer. Spyware can also be delivered as a trojan. Trojans are a type of malware that will appear to be a legitimate application, often using the same name and icon as the real one. Users will download and inadvertently install the spyware thinking they are installing a legitimate application. Spyware can also be delivered as an app in the application stores of mobile device vendors. Another delivery method for spyware is links on websites or popups. These links redirect to malicious web browser add-ins, such as browser hijackers or adware, that modify the intended behavior of the web browser. A delivery method specific to mobile devices is messages sent as traditional text messages or through messaging apps, such as WhatsApp. These messages will include links to URLs with the payload.

Installation

Spyware can be installed in different ways on the host device. Some types of spyware such as keyloggers, screen captures, or mobile spyware are applications that run in the background collecting and sending personal information. Adware and web browser hijackers will install a web browser add-in to redirect traffic or show unrequested advertisements. Some variants will modify entries on the Windows registry, such as DNS or proxy settings.

Control and command

Once the spyware is installed, it may collect data and send it to the control center of the threat actor. These data can include keystrokes, web browsing history, personal information, or text and call history from a mobile device.

Problems Caused by Spyware

Spyware will have an impact on availability and confidentiality. Spyware that runs as an executable will use system resources, such as CPU, memory, and bandwidth, which may slow down the host computer. Additionally, the continuous popups and banners and constant redirections caused by adware and web browser hijackers often render the web browser unusable.

Most spyware collects private and confidential information, which is transmitted to third parties. This compromises the confidentiality of the data stored on the system. At an individual level, these data can include the victim’s behaviors, personal information, banking details, and text and call data, but they can also include business information, such as credentials for the organization’s internal resources or tools.

These data can be used to gather information and access the organization’s systems and to craft and deliver phishing and spoofing campaigns. Spyware also opens the door to introducing other malware on the infected host.

How to Detect Spyware On Your System

Because spyware will use the device’s resources and modify the expected behavior of some of the applications, the points below might be an indication that spyware is installed on a system:
  • The system runs slow, and applications take longer to load and run;
  • Increased data usage compared with previous periods. This would indicate that keylogger data, screenshots, or audio are being uploaded to the threat actor’s servers;
  • Authentication failures when logging into websites. This could indicate that data entered may have been captured at logon time by the spyware;
  • New toolbars appeared on the Web browser, or the default search engine or home page changed. This is often the case when a web browser hijacker or adware is installed on the device;
  • Random popups and advertisements appear while browsing the Internet or on the Windows notification area.
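
A defender-side check for the changed-settings indicator above, as an added example that is not part of the original article: it parses `reg query` output for the Windows proxy and start-page values and reports every value that differs from a known-good baseline. The baseline, the sample output and the `example.invalid` hosts are constructed assumptions.

```python
import re

INET = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
IEMAIN = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main"
# Assumed known-good baseline (hypothetical policy); None means "value must be absent".
BASELINE = {
    INET: {"ProxyEnable": 0, "ProxyServer": None, "AutoConfigURL": None},
    IEMAIN: {"Start Page": "https://intranet.example.invalid/"},
}
# Constructed `reg query` output for illustration, not captured from a real host.
SAMPLE_CHANGED = "\n".join([
    INET,
    "    ProxyEnable    REG_DWORD    0x1",
    "    ProxyServer    REG_SZ    127.0.0.1:8080",
    "    AutoConfigURL    REG_SZ    http://cfg.example.invalid/proxy.pac",
    IEMAIN,
    "    Start Page    REG_SZ    http://search.example.invalid/home",
])
SAMPLE_CLEAN = "\n".join([INET, "    ProxyEnable    REG_DWORD    0x0", IEMAIN,
                          "    Start Page    REG_SZ    https://intranet.example.invalid/"])

# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

def parse_reg_query(text):
    """Parse `reg query` text into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, rtype, data = m.groups()
            # DWORDs are printed as hex (0x1); everything else is kept as text.
            current[name] = int(data, 16) if rtype == "REG_DWORD" else data.strip()
    return keys

def audit(observed, baseline):
    """Return (key, value, expected, found) for each watched value that deviates."""
    findings = []
    for key, expected in baseline.items():
        actual = observed.get(key, {})
        for name, want in expected.items():
            got = actual.get(name)  # None when the value is absent
            if got != want:
                findings.append((key, name, want, got))
    return findings
```

A deviation is a prompt to investigate rather than proof of infection, since proxy and start-page values also change for legitimate reasons.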

How to Remove Spyware From Your System

The best approach against spyware is prevention. Below are some pointers on how to prevent spyware from getting installed:

  • Use a spam filter to block phishing and spoofed emails;
  • Ensure that the operating system is fully patched and that antivirus software is up to date and has the latest definitions;
  • Only install applications downloaded from the developer’s official website;
  • Check the terms and conditions before installing any application and decline any optional downloads at install time;
  • Use multi-factor authentication where possible, especially to access sensitive websites.

If a computer is compromised, the points below outline how to remove spyware on a computer:

  • Ensure that the antivirus software on the device is up to date and run a full scan. Quarantine or delete any malware found;
  • Reset the web browsers to their default settings and remove all suspicious or unknown add-ins;
  • Check installed programs and manually uninstall any suspicious or unknown applications.

If the issues still persist after following the steps above, it might be required to reload the operating system. This typically consists of backing up user data and reinstalling the operating system.

If a mobile device is compromised, the steps below describe how to remove spyware:

  • Check the apps installed on the device and remove any that appear suspicious or are unknown;
  • Download an antivirus app and run a scan on the device, and quarantine and remove any malware found.

As in the case of computers, if the issue still persists, it might be necessary to back up personal data from the device and reset it to factory defaults.

FAQs

What are the main types of spyware?

The main types of spyware are system monitors and adware.

What is the most popular spyware?

Olympic Vision and Zlob are two of the most popular system monitors targeting computers, and Pegasus is a system monitor targeting mobile devices. Popular examples of adware are Gator, 180 Solutions and CoolWebSearch.

Is a keylogger spyware?

Yes. A keylogger is a type of system monitor that keeps track of the victim’s keystrokes.

Do hackers use spyware?

Yes. Hackers will use data collected by spyware to, for example, deliver phishing or spoofing campaigns or perpetrate identity theft scams.

Can spyware see you?

Some system monitors include the ability to turn on the web camera on the infected device and send the recording to the threat actors.