What Does Spyware Do?
As its name suggests, spyware is malware designed to spy on a computer. All spyware is designed to infect and hide on a computer and collect data, but the types of data that it collects depend on its intended use.
The best-known example of spyware is the Pegasus malware developed by the NSO Group. This malware is ostensibly only available to governments for use in law enforcement, but it has been found on multiple occasions to have been used to target activists, business executives, and journalists. Pegasus uses various vulnerability exploits to infect devices without any user interaction.
The Threat of Spyware
Spyware is used for various purposes, some of them legitimate, such as law enforcement. This could make this type of malware seem less damaging and dangerous than others, such as ransomware.
However, the data collection capabilities of spyware pose a significant risk to an organization. Spyware could collect and leak sensitive data and trade secrets, damaging an organization’s ability to compete and risking regulatory non-compliance. The passwords collected by a keylogger could be used to gain privileged access to corporate systems, enabling an attacker to carry out other attacks. Spyware on mobile devices can track location, record speech and video, and monitor SMS, email, and social media usage.
Types of Spyware
Spyware comes in a few different forms, such as:
- Trojans: Trojans are malware that masquerades as a legitimate program while concealing malicious functionality. Often, this type of malware is used to infiltrate a device and then install or download spyware.
- Adware: Spyware is designed to collect in-depth information about a user and their habits and interests, all of which is valuable to marketers. Adware is spyware designed to collect information for marketing purposes or to serve unwanted, deceptive, or malicious advertisements.
- Tracking Cookies: Cookies are files saved on a computer by a website to store configuration information. One example is an authentication token stored to allow repeat logins on a trusted device after clicking “Remember Me”. Tracking cookies are designed to be accessed by many sites, enabling them to track a user across the Internet.
- System Monitors: System monitors are malware that monitors a user’s activities on a computer and sends them to the attacker. A keylogger is a specific type of system monitor that logs keystrokes, but system monitors can also track websites visited, file access, emails, etc.
How Can You Be Infected by Spyware?
Spyware can infect a device in various ways, including:
- Trojans and Phishing: Spyware commonly masquerades as a legitimate file or program attached to an email, downloaded from a website, or installed from a mobile app store. Once the file is opened or executed, the malicious functionality is embedded on the target device.
- Bundled Software: Data collection for targeted marketing is a core component of many organizations’ business models. Spyware – under a different name – may be bundled with a desired program and included in the licensing agreement, making it impossible to install one without the other.
- Vulnerability Exploits: Since spyware is malware, it can spread in the same ways as other malware. Some spyware, like Pegasus, will exploit vulnerable systems to install itself without user interaction.
Spyware is designed to be subtle, meaning that a well-implemented piece of malware may be very difficult to detect. While less professional spyware may cause performance issues, such as a computer running slowly or crashing, detecting more sophisticated variants requires the help of an endpoint security solution.
If a device is infected with spyware, an endpoint security solution with anti-spyware functionality is the best way to mitigate it. Spyware commonly includes persistence mechanisms and makes modifications to files and settings to make itself difficult to remove. An endpoint security solution can both eradicate the infection and restore these files and configurations to normal.
Spyware Protection With Harmony
Spyware is a threat on any device, and Check Point Harmony Suite has solutions for any endpoint.
Check Point Harmony Mobile provides comprehensive anti-spyware protection as part of its Mobile Threat Defense (MTD) functionality, including:
- Command and Control (C&C) Detection: Harmony Mobile has access to ThreatCloud’s database of C&C signatures. Any communications to or from these known-bad domains are blocked.
- Vulnerability Risk Management: Spyware commonly infects a mobile device by exploiting known vulnerabilities within the mobile OS. Harmony Mobile enables an administrator to define risk levels based on a device’s current OS patch level and whether the OS has known vulnerabilities. Risk management policies can then be configured to block access to corporate resources for devices above a certain risk level.
- Malicious Content Blocking: Many types of spyware, like Pegasus, infect a mobile device by sending malicious content (files, SMS, etc.) designed to exploit vulnerabilities in the device. Harmony Mobile uses ThreatCloud and Check Point’s Threat Extraction and Threat Emulation engines to identify and block malicious downloads and to detect malicious content in Android storage.
- Rooting/Jailbreak Detection: Spyware commonly roots or jailbreaks infected devices to gain privileged access to protected functionality and control over the applications installed on the phone. Harmony Mobile detects rooting and jailbreaking on mobile devices, enabling administrators to manage this elevated risk.
- Sideloaded App Detection: Mobile apps installed from unofficial and third-party app stores are much more likely to be malicious. Harmony Mobile detects sideloading and can alert on unofficial and malicious apps to block spyware from infecting a device.
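The known-bad-domain check described in the C&C detection item above, as an added example that is not Check Point's code and does not use ThreatCloud data. The blocklist entries, device names and log format are constructed for illustration; the point it shows is that matching must be done on whole DNS labels after normalization, so look-alike names are not flagged and subdomains of a listed domain are.

```python
# Added example: match DNS queries against a known-bad domain list.
# Domains, devices and the log layout are constructed, not real indicators.

BLOCKLIST = {"c2.example", "updates.badcdn.example"}

# Constructed DNS query log: "<timestamp> <device> <queried name>"
SAMPLE_LOG = """\
2024-05-01T10:00:01Z phone-17 www.example.org
2024-05-01T10:00:02Z phone-17 beacon.c2.example.
2024-05-01T10:00:05Z phone-22 NOTc2.example
2024-05-01T10:00:09Z phone-22 Updates.BadCDN.example
2024-05-01T10:00:11Z phone-31 c2.example.safe.test
"""


def normalize(name):
    """Lowercase and drop the trailing root dot so comparisons are stable."""
    return name.strip().lower().rstrip(".")


def matched_entry(name, blocklist):
    """Return the blocklist entry equal to `name` or a parent domain of it.

    Comparison is per DNS label, so 'notc2.example' and
    'c2.example.safe.test' do not match the entry 'c2.example'.
    """
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def scan(log_text, blocklist):
    """Return (timestamp, device, queried name, matched entry) per hit."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, device, qname = parts
        entry = matched_entry(qname, blocklist)
        if entry:
            hits.append((ts, device, normalize(qname), entry))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, BLOCKLIST):
        print(hit)
```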
To learn more about spyware, mobile malware, and other cyber threats to mobile devices, download Check Point’s Mobile Security Report. Then, sign up for a free demo of Harmony Mobile to see how it can mitigate the spyware threat for your organization.