What are the top 10 spyware threats?
What is spyware?
Spyware is a term that refers to malicious software that is purposely designed to access a computer and record its activity. Spyware can track and record a user’s browsing habits, login credentials, passwords, etc. The spyware author uses the information obtained in this data breach to engage in fraudulent activity, or sell it to a third party.
Visit our spyware feature page to learn more about this problem and how to beat it.
The top 10 spyware threats
The top spyware threats facing organizations today include:
1. Advanced Keylogger
2. CoolWebSearch (CWS)
CoolWebSearch (CWS) is a software suite used to exploit Internet Explorer (IE) vulnerabilities and may hijack a user’s web searches, homepage and other IE settings. CWS spyware is known to rewrite search engine results, modify the infected device’s host file to redirect DNS lookups and direct traffic to advertisements.
3. FinSpy (aka FinFisher)
FinSpy, or FinFisher, is an advanced suite of surveillance tools sold to law enforcement and intelligence agencies. FinSpy works on Windows, macOS, Linux, Android and iOS operating systems. Its capabilities vary depending on the platform. Law enforcement, intelligence agencies, and threat actors often use FinSpy to secretly turn on microphones to record conversations, switch on cameras, record and transmit images, transmit key logs in real time, modify files and much more.
4. Gator (GAIN)
Gator is a type of adware that may display banner advertisements based on user web surfing habits. Gator is often bundled with numerous free software programs and pirated applications. Gator monitors online user behavior and targets them with personalized ads.
5. GO Keyboard
GO Keyboard is a virtual Android keyboard app that masquerades as a legitimate mobile application. Once installed on an Android device, GO Keyboard transmits personal information to its remote servers without explicit consent from users.
Information shared by GO Keyboard spyware includes:
- Android OS version
- Device model and screen size
- Google account email address
- International Mobile Subscriber Identity (IMSI)
- Network type
- Preferred language
- Social media interactions
GO Keyboard executes code from a remote server to breach Google Play privacy policies.
HawkEye, a keylogger virus, was dormant for years but returned during the early days of the COVID-19 pandemic. Infected machines track key logs and other inputs and share this information with a remote server.
New versions of HawkEye are increasingly difficult to detect due to exceptional anti-detection features. A recent version took the form of a spyware email threat pretending to be an alert from the director-general of the World Health Organization. This social engineering attack encouraged users to download a (malicious) attachment to access information about COVID-19 and the vaccine.
HuntBar is a Trojan application that hijacks web browser settings and downloads and installs adware without the user’s knowledge. Also known as Adware.Websearch or WinTools, HuntBar tracks browsing behavior, redirects web traffic to affiliate websites, forcefully displays advertisements and installs more spyware programs and toolbars on IE.
Look2Me is spyware that tracks user behavior, website logs and social media interactions and shares this information with a remote server. The information is then used to show intrusive advertisements. Look2Me spyware also downloads and installs various add-ons, extensions, toolbars and other unwanted programs on a user’s computer. This makes the spyware threat more dangerous than traditional adware. Removing Look2Me is difficult because of its rootkit-type functionality.
NSO Group’s Pegasus spyware is one of the latest spyware threats making headlines. Although Pegasus was initially developed to fight terrorism, evidence suggests that many clients use Pegasus to spy on journalists, political activists, political opponents and almost anyone the client desires. The governments in France, Hungary, India, Saudi Arabia, United Arab Emirates, the United Kingdom and the United States are known to have used Pegasus spyware.
PhoneSpy is an example of a spyware virus that pretends to be a mobile application to gain access to and infect Android mobile devices. This approach allows threat actors to remotely control mobile devices and steal data. Mobile applications with PhoneSpy aren’t available on Google Play Store, so it’s believed to spread through social engineering attacks and third-party platforms.