Our Guide to Spyware and the Threats it Poses

Written February 2021


The classification of ‘Spyware’ can be applied to any software which is downloaded without the authorisation of the user. Once it is in place and stealing data, that data could be passed on to an external third party such as an individual or government agency, advertisers or hackers with criminal intent.

Spyware is a form of malware – malicious software which is installed on a device without the knowledge of the user – which, once installed, steals sensitive personal and private information and internet usage data. The comprehensive nature of the threat presented by Spyware once it is present on a device is such that it could be utilised to access every type of data imaginable, from private messages and emails, to banking details and passwords. In some cases the Spyware will operate in a way which logs each keystroke of the user on their device, something which would clearly put virtually all information passing through the device at risk.

The sheer scale of the threats presented by malware of this kind is reflected in the massive growth of detections worldwide in the decade between 2010 and 2020. In 2010, according to Statista, the number of malware detections worldwide amounted to 28.84 million programmes. By March 2020 this figure had risen to 677.66 million programmes. AV-TEST, the independent research institute for IT security, monitors and collects malware such as Spyware from around the world, and registers more than 350,000 new instances every single day. The size of the problem is matched by the financial scale of the impact of malware, whether on private individuals or businesses. According to WebFX, the global cost of it is set to rise to $6 trillion in 2021, having been $2 trillion in 2019, with the average US business having to spend $525 per employee on data security, and the overall nationwide cost of malware hitting $55 billion.

Potential Impact

The impact of Spyware on an individual or business can vary depending upon the type. In some forms, this will be an application which opens when the device is started up and runs in the background while it is being used. It will then generate multiple pop-up ads which, together with hijacking random access memory (RAM) and processor power, will slow the web browser down until it becomes impossible to use. In other cases, the Spyware might reset the browser homepage and redirect web searches, rendering the search engine ineffective, or alter the dynamic link libraries (DLLs) of the device, causing connectivity failures.

The most damaging form of Spyware is probably that which will track browsing history, recording details such as passwords, payment card numbers and banking records, all of which can be used by hackers to facilitate identity theft. In some cases it will also alter the firewall settings of the device, opening a back door into the security protecting the device in order to allow more malware to invade. The most sophisticated forms are even able to recognise and resist attempts to remove them from the registry of the device.


Types of Spyware

The term ‘Spyware’ covers many different types of malware, and the following are just a few of the more common:


Adware

Adware displays ads on the basis of your online activity. Although there is such a thing as legitimate Adware, when delivered as malware it will install itself on a device in secret, spy on the browsing history of the user and then place intrusive ads on the basis of that.

Trojans

Once Trojans have been installed on a device they will seek out sensitive information such as bank account details, and sell the information on to third parties. In other cases Trojans gain control of a device through the installation of a back door in the security provision.

Keyloggers

Keylogger Spyware will capture the activity on a device by registering keyboard inputs. The information gained in this manner might include text messages, emails, usernames, passwords and internet search history.

Stalkerware

Stalkerware is usually installed on the mobile phone of the victim by a third party. Once in place, it enables the third party to read text messages, listen to conversations, take screenshots and track the location of the device. It can even capture any pictures taken by the phone and pass them on to the third party.

System monitors

As the next step up from keyloggers, system monitors capture everything which happens on a device to pass the information on to a third party. As well as keyboard inputs, this information could include emails, chat room dialogues, search history, programmes launched and phone calls made.


Infostealers

Keyloggers and system monitors could both be listed under the umbrella description of Infostealers. As well as monitoring ongoing activity, Infostealers will scan a device for historical data and will harvest things like documents and instant messaging sessions. Some forms are designed to steal all of the information during a single sweep and then disappear from the device before the user is able to register their presence.

At their most advanced, Infostealers can access the cameras and microphones in a device to record and film conversations, and run facial recognition software.

How could Spyware find its way onto a device or system?

There are a number of methods used by malicious third parties in order to place Spyware onto devices without the knowledge or consent of the user. The most common involves tricking the user into clicking on a link which leads to a malicious website. The link in question might be presented in a text message, an email, an ad on a web page or a pop-up window, and links have even been known to appear within Google search results.

Sometimes the Spyware is delivered to a device in what is referred to as a ‘drive by’ infection. This happens when an infected ad is delivered to a legitimate website, or sometimes through malicious code being hidden within legitimate websites, so that the device can be affected simply because the user visits the site.

This is a technique often used in ‘watering hole’ attacks. The name refers to the phenomenon witnessed in the natural world, whereby predators will wait for prey to gather in numbers around a watering hole before picking their victims off. In terms of Spyware, a watering hole attack will be targeted at a specific group of users drawn to a particular site. In 2013, for example, a malicious script was hidden within iPhoneDevSDK, a site popular with iOS developers. The script redirected visitors, including developers from Apple, Facebook and potentially Twitter, to another site at which the drive-by infection by Spyware took place.

Other methods by which it can infect a device include clicking on infected files attached to emails from what appear to be trusted sources such as a bank or government agency, or within downloaded software. In some cases the software itself might be deleted, but the Spyware remains on the device to continue extracting data.

Preventing spyware infections

The first, simplest and most effective means of preventing Spyware infecting your devices is to install trusted anti-malware or anti-spyware software and ensure that it is regularly updated. This should be combined with anti-virus software and a robust firewall, but there is no such thing as completely fool-proof security, so it’s important to take the following steps to protect your devices:

Avoid free software

There’s no denying the fact that much of the free software available online is extremely useful, but that doesn’t stop it also being extremely risky. If you’re tempted to download a free application, research the source in depth to establish whether you think it can be trusted or not. If you’re at all uncertain then avoid the software in question.

Pop-up ads

Most people are aware by now that you shouldn’t fall for the kind of pop-up ads that invade your browser window offering things which sound too good to be true, simply because they are too good to be true. Even if you don’t click on the ads however, you could still find yourself downloading Spyware by clicking on a ‘cancel’ or ‘close’ button. Rather than doing this, right click on the top border of the ad and select ‘Close’.

Email attachments

Avoid clicking on attachments to emails or links within emails, particularly if the email is unsolicited, unexpected or from an unknown source. In some cases the email may have been designed to closely resemble one sent from a trusted source such as an online store or a bank, but the same caution should still be applied.

Keep the Operating System updated

Older software or an out-dated operating system might contain security vulnerabilities which represent a doorway onto your device for hackers. Update your operating system or software whenever prompted to do so in order to ensure that these doorways are slammed shut before they can be used to plant Spyware on your device.

How to detect

Even if the presence of a Spyware programme is not directly apparent – if it isn’t listed in the programmes on your control panel for example – there are certain signs that your device might have been infected including the following:

  • Running and responding slowly and sluggishly
  • Increased numbers of pop-ups and ad messages – Spyware often arrives on a device in conjunction with Adware
  • The appearance of new internet home pages, search engines and toolbars
  • Battery power running out more quickly than usual
  • Issues when logging on to secure sites. If the first attempt fails and the second succeeds, this could mean that the first attempt took place on a fake browser and the second attempt – and with it your log-in details – was communicated to a third party.
  • Unexplained increases in data or bandwidth use. This could reflect the fact that spyware is hoovering up your personal information and uploading it to a third party.
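
The last sign in the list, an unexplained increase in data use, can be checked with numbers rather than by feel. The following is an added example, not part of the original guide: it compares each process's upload volume today against that process's own recent history and flags the outliers. The process names, byte counts and thresholds are constructed assumptions; on a real device the totals would come from the operating system's per-app data usage figures or a firewall log.

```python
from statistics import median

# Constructed sample: bytes uploaded per process per day, oldest first, with
# today last. Process names and figures are made up for illustration.
SAMPLE_UPLOADS = {
    "browser":      [41_000_000, 38_500_000, 44_200_000, 40_100_000, 43_000_000],
    "mail_client":  [6_200_000, 5_900_000, 6_800_000, 6_100_000, 6_500_000],
    "pdf_helper":   [120_000, 95_000, 110_000, 130_000, 58_000_000],
    "sync_agent":   [9_000_000, 250_000_000, 8_700_000, 9_400_000, 9_100_000],
    "tray_updater": [37_000_000],  # first seen today, no history
}

MIN_BYTES = 5_000_000  # ignore days with less upload than this (assumed floor)
THRESHOLD = 6.0        # robust deviations above baseline that count as unusual


def robust_score(history, today):
    """How far today's upload sits above the median of history, in units of
    median absolute deviation (MAD). One past spike barely moves either."""
    base = median(history)
    mad = median(abs(x - base) for x in history)
    # Floor the spread at 5% of baseline so a very steady process does not
    # turn a small wobble into a huge score.
    spread = max(mad, 0.05 * base, 1.0)
    return (today - base) / spread


def flag_unusual_uploads(uploads, min_history=3):
    """Return (process, reason, bytes_today) for uploads worth a closer look."""
    findings = []
    for name, series in uploads.items():
        if not series or series[-1] < MIN_BYTES:
            continue
        *history, today = series
        if len(history) < min_history:
            findings.append((name, "no baseline yet", today))
        elif robust_score(history, today) >= THRESHOLD:
            findings.append((name, "far above its own baseline", today))
    return findings


if __name__ == "__main__":
    for name, reason, sent in flag_unusual_uploads(SAMPLE_UPLOADS):
        print(f"{name}: {sent / 1e6:.1f} MB uploaded today ({reason})")
```

Because the baseline is a median, the single large day in the constructed sync_agent history does not raise its threshold, while a normally quiet process that suddenly uploads tens of megabytes stands out.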

If you have an Android phone, check ‘Settings’ for a setting which allows apps which aren’t in the Google Play Store to be downloaded and installed. If this has been enabled it could mean that Spyware has been installed.

On an iPhone, look for an app called Cydia. It enables users to install software on a phone which has been ‘jailbroken’ to enable root access to system files and the installation of apps, extensions and themes not supported by Apple, or not available from the Apple App Store. If you find this app but didn’t install it then you must remove it immediately.

Spyware is something that should be taken seriously, and by many it is. However, there are also many people who underestimate, or don’t even know about, the threats and risks it poses. Not only are they exposing themselves to cyber-criminals, but they’re potentially putting their business and personal data at risk.
