The cyberattacks on Spanish politicians carried out with the Pegasus malware have undoubtedly put the word ‘Spyware’ in the mouths of many. The term “spyware” was coined in the mid-1990s, but the software itself existed long before that, added by developers as a component of their programs to track usage.
History of Spyware
In the early 1990s, more than 90% of computer users around the world had their machines infected with some kind of spyware, installed without their permission or knowledge. Today, there is a lot of spyware in circulation, some even included in the hardware. Instead of targeting individual users, spyware creators aim to collect as much data as possible and sell it to advertisers, spammers, scammers, or hackers.
With new forms of malware emerging every few seconds, no one is safe from spyware. Even companies you trust use spyware to track your behavior, something you’ve allowed them to do by agreeing to their End User License Agreement.
Types of Spyware
According to experts at Software Lab, “all forms of spyware” can be divided into five categories:
Infostealers are programs that can scan infected computers and steal a variety of personal information. This information may include browsing histories, usernames, passwords, email addresses, personal documents and media files. Depending on the program, infostealers store the data they collect on a remote server or locally for later retrieval.
Password stealers are very similar to infostealers, with the only difference being that they are specially designed to steal login credentials from infected devices. First detected in 2012, these programs don’t steal your passwords as you type them. Instead, they attach themselves to the browser to extract all your saved usernames and passwords. In addition, they can also record system login credentials.
Sometimes called system monitors, keyloggers are spy programs that record the keystrokes typed on a keyboard connected to an infected computer. While hardware-based keyloggers record every keystroke in real time, software-based keyloggers collect periodic screenshots of currently active windows. This, in turn, allows them to record passwords (if not encrypted on screen), credit card details, search histories, email and social media messages, and browser login histories.
Banking Trojans are programs designed to access and record sensitive information that is stored or processed through online banking systems. Often disguised as legitimate software, banking Trojans have the ability to modify the web pages of online banking sites, alter transaction values, and even add additional transactions to benefit the hackers behind them. Like all other types of spyware, banking Trojans are built with a backdoor, allowing them to send all the data they collect to a remote server.
With the gradual shift from dial-up access to broadband over the last decade, modem hijackers have become a thing of the past. They are perhaps the oldest type of spyware that attacked their victims while they were surfing the Internet. Usually, a pop-up ad would appear, enticing the user to click on it. When they did, a silent download of a file was initiated that took control of their dial-up modem. Once in charge of the computer, the modem hijacker would disconnect the phone line from its current local connection and connect it to an international one.
Famous Spyware as Alternatives to Pegasus
Dropoutjeep, spyware previously used by the National Security Agency (NSA) to spy on specific people, was installed on laptops and mobile devices, especially Apple iPhones. This spyware made headlines 9 years ago, when security researcher Jacob Appelbaum, citing an NSA document, said:
“It has the ability to remotely push/pull files from the device. SMS retrieval, contact list retrieval, voicemail, geolocation, microphone, camera capture, signal tower location, etc. The command, control and data exfiltration can occur via SMS messaging or a GPRS data connection. All communications with the implant will be covert and encrypted.”
With all this data, the NSA was able to track a person’s movements and monitor the messages they were sending and what they were viewing, all without alerting the person that their phone had been hacked.
According to this Livemint report, the RCSAndroid spyware spread through an app, which was published on the Google Play Store without raising any alarms. This app was designed by a tech company from Milan in Italy called Hacking Team.
This company, like NSO Group, claims to be in the business of surveillance software, selling it to government and law enforcement agencies. In a 2015 report, security experts at Trend Micro described RCSAndroid as “one of the most professionally developed and sophisticated Android malware ever exposed.”
A report from Motherboard notes that the Exodus spyware was created by an Italian-based surveillance company, eSurv. A detailed investigation carried out by the publication found that the malware carried Italian text in its code, Italy being where eSurv was based. But unlike Pegasus, which requires complex machinery, Exodus follows a two-step process.
The malware, which infected phones via an app, had to be downloaded by the user, after which it was able to retrieve information such as the target’s IMEI code and phone number. Once it had accessed that, the malware allowed the hacker to seize data ranging from a list of applications to the phone’s contact list and even photos on the device.
The surveillance segment is a popular space for Israeli companies. Another company called Picsix has designed a product that can find a person’s location just from their mobile number. P6-GEO, like other programs, is probably used by intelligence agencies. A report from the site The Daily Beast says it can also be used to manipulate GSM mobile users.
This program takes advantage of security vulnerabilities in Internet Explorer to hijack the browser, change settings and send browsing data to its author.
Often bundled with file-sharing programs like Kazaa, this program monitors a victim’s browsing habits and uses the information to serve better targeted ads.
Especially popular in the days of dial-up, this program promised to help increase Internet speed. Instead, it replaced all error and login pages with ads.
This was a modem hijacker that disconnected the victim’s computer from a local phone line and connected it to a pay phone number designed to access porn sites.
Also known as Zlob Trojan, this program uses ActiveX codec vulnerabilities to download itself onto a computer and record search and browsing histories as well as keystrokes.