Anti-stalkerware coalition calls time on intrusive abusers

A group of cyber security suppliers and domestic abuse charities have come together to form the Coalition Against Stalkerware, combining their cross-sector expertise in victim support and cyber security to help people targeted by dangerous and intrusive stalkerware applications.

When installed on a mobile device, stalkerware apps enable people to gain access to messages, photos, social media, audio and camera recordings, and location data stored on the target smartphone. They usually run hidden in the background and are not visible to the target user.

Although such apps can have legitimate uses, using them without consent is illegal in many jurisdictions, and they are frequently exploited by abusers to monitor, control and bully their victims – whether partners, children or colleagues. This presents a growing problem for charities working with the victims of domestic abuse, which are experiencing a surge of people seeking help with the problem.

The number of reported incidents has spiked by 35% since 2018, according to group co-founder Kaspersky, which has detected 380 variants of stalkerware in the wild this year.

Anna McKenzie of the EU-backed European Network for the Work with Perpetrators of Domestic Violence (WWP EN) said 70% of women victims of cyber stalking had also experienced some form of physical or sexual violence from a domestic partner.

“We need to stop perpetrators from using their partners’ phones for stalking and hold them accountable for their violence,” she said. “The Coalition Against Stalkerware enables us to bring our knowledge on gender-based violence and perpetrators to IT security companies, so we can work together towards ending violence against women and girls perpetrated via new technologies.”

Eva Galperin, director of cyber security at the Electronic Frontier Foundation, added: “Stalkerware, used for spying on phones and computers in domestic abuse or harassment situations, is a very serious problem, and it often goes hand-in-hand with other forms of abuse, up to and including physical violence.

“The ubiquity of stalkerware is a complex problem and we need stakeholders from all parts of society in order to fight it effectively.”

To this end, the Coalition Against Stalkerware will work towards an agreed-upon standard definition of what exactly stalkerware is, and criteria to direct and address it. Until now, these issues have made it hard for the security industry to get its head round the problem.

The group consists of 10 organisations – Avira, the Electronic Frontier Foundation, the European Network for the Work with Perpetrators of Domestic Violence, G Data Cyber Defense, Kaspersky, Malwarebytes, the National Network to End Domestic Violence, NortonLifeLock, Operation Safe Escape and Weisser Ring.

Vyacheslav Zakorzhevsky, Kaspersky’s head of anti-malware research, said: “In order to counter this issue, it is important for cyber security vendors and advocacy organisations to work together. The IT security industry gives its input by improving detection of stalkerware and better notifying users of this threat to their privacy.

“Meanwhile, service and advocacy organisations work directly with victims of domestic violence, know their pain points and requests, and can guide our work. So acting together, shoulder to shoulder, we will be capable of assisting survivors through technical expertise and capacity building.”

David Ruiz, online privacy expert at Malwarebytes Labs, added: “Just like the abuse it can enable, stalkerware also proliferates away from public view, leaving its victims and survivors in isolation, unheard and unhelped. Forming and fighting together with the Coalition Against Stalkerware is the next, necessary step in stopping this digital threat – a collaborative approach steered by the promise of enabling the safe use of technology for everyone, everywhere.”

The group’s website has already gone live, and besides the goal of facilitating knowledge transfers among members and established best practice standards, it will soon contain more information for victims of stalkerware, covering what it is and does, and how to protect yourself.

If you discover stalkerware on your device, you are best advised to immediately contact local law enforcement or a local victim support organisation – including, in the UK, the likes of the National Domestic Violence Helpline or the National Stalking Helpline. Citizens Advice maintains a list of other organisations, including resources for male victims and LGBTQ people.

It is extremely important to know that attempting to remove stalkerware apps from your device can place you in greater danger, because your abuser or stalker may be automatically informed, and you could erase critical evidence in your favour.