{
	"id": "824e4a90-a5ce-4f8a-ab77-54e9ec3fde0f",
	"created_at": "2026-04-06T00:18:23.826617Z",
	"updated_at": "2026-04-10T03:22:07.407777Z",
	"deleted_at": null,
	"sha1_hash": "64f0e5dbeece202a2a9b53eb7ec9a5aebfa2c922",
	"title": "The State of Stalkerware in 2021",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 648663,
	"plain_text": "The State of Stalkerware in 2021\r\nBy Kaspersky\r\nPublished: 2022-04-12 · Archived: 2026-04-05 21:43:44 UTC\r\n The state of stalkerware in 2021 (PDF)\r\nMain findings of 2021\r\nEvery year Kaspersky analyzes the use of stalkerware around the world to better understand the threat it poses. We partner\r\nwith stakeholders across public and private sectors to raise awareness and find solutions to best tackle this important issue.\r\nStalkerware enables people to secretly spy on other people’s private lives via smart devices and is often used to facilitate\r\npsychological and physical violence against intimate partners. The software is commercially available and can access an\r\narray of personal data, including device location, browser history, text messages, social media chats, photos and more. The\r\nmarketing of stalkerware is not illegal, but its use without the victim’s consent is. Perpetrators benefit from this vague legal\r\nframework that still exists in many countries. Stalkerware is a breach of privacy and a form of tech abuse. To address this\r\ncomplex threat in a comprehensive way that best supports victims and survivors, innovative tools from a legislative, social\r\nand technological point of view are needed.\r\n2021 data highlights\r\nIn 2021, Kaspersky’s data shows that 32,694 unique users were affected by stalkerware globally. This is a\r\ndecrease from our 2020 numbers and a historic low since we first started gathering data on stalkerware in 2018.\r\nWhile this could be seen as a reason for celebration, it is not.\r\nCyber-violence is on the rise, especially since the beginning of the pandemic. As people have continued to socialize\r\nless and spend more time at home, perpetrators feel more in control, possibly making them less prone to installing\r\nstalkerware to spy on their partner. In addition, abusers, unfortunately, have a wider range of means, in the form of\r\nsmart devices, to spy on or stalk their victims. Non-profit organizations (NPOs) with which Kaspersky works closely\r\nhave shared similar observations from working with perpetrators and victims of stakerware. It is important to\r\nremember that these numbers only include Kaspersky users: they do not take into account users who use the IT\r\nsecurity solutions of our competitors or those who do not have any IT security solutions installed on their mobiles.\r\nTherefore, we see only the tip of the iceberg: while it is difficult to calculate the exact number of affected users in the\r\nworld, members from the Coalition against Stalkerware estimate that it could be at least 30 times higher, with close to\r\none million victims globally, each year.\r\nBased on data obtained from the Kaspersky Security Network, the most affected countries remain Russia, Brazil\r\nand the United States. This is in line with statistics from the past two years. At the regional level, we find the\r\nhighest numbers of affected users in:\r\nGermany, Italy and the UK (Europe)\r\nTurkey, Egypt and Saudi Arabia (Middle East and Africa)\r\nIndia, Indonesia and Vietnam (Asia-Pacific)\r\nBrazil, Mexico and Columbia (Latin America)\r\nThe United States (North America)\r\nThe Russian Federation, Ukraine and Kazakhstan (Russia and Central Asia)\r\nCerberus and Reptilicus were the most used stalkerware applications, with 5,575 and 4,417 affected users,\r\nrespectively, globally.\r\nTrends observed by Kaspersky\r\nMethodology\r\nThe data in this report has been taken from aggregated threat statistics obtained from the Kaspersky Security Network. The\r\nKaspersky Security Network is dedicated to processing cybersecurity-related data streams from millions of volunteer\r\nparticipants around the world. All received data is anonymized. To calculate our statistics, we review the consumer line of\r\nKaspersky’s mobile security solutions applying only the Coalition Against Stalkerware’s detection criteria on stalkerware.\r\nThis means that the affected number of users were targeted by stalkerware only. Other types of monitoring or spyware apps\r\nthat fall outside of the Coalition’s definition are not included in our statistics.\r\nThe statistics reflect unique mobile users affected by stalkerware: this is different from the number of detections. The\r\nnumber of detections can be higher as we may detect stalkerware several times on the same device of the same unique user\r\nif they decided not to remove the app after receiving our notification.\r\nFinally, the statistics reflect only mobile users using Kaspersky’s IT security solutions. Some users may use another\r\ncybersecurity solution on their devices, while some do not use any solution at all.\r\nhttps://securelist.com/the-state-of-stalkerware-in-2021/106193/\r\nPage 1 of 10\n\nGlobal detection figures: affected users\r\nIn this section, we highlight the global and regional numbers observed by Kaspersky in 2021 and how they compare with\r\nthose from previous years.\r\nIn 2021, a total of 32,694 single users were affected by stalkerware. The graphic below shows the evolution of affected users\r\nyear on year since 2018.\r\nThe graphic below shows unique affected users per month over the 2019-2021 period. We can see that in 2021 the trend was\r\nmore stable than in 2020, which saw a visible decrease during the months most impacted by lockdowns and quarantine\r\nmeasures.\r\nGlobal and regional detection figures: geography of affected users\r\nStalkerware continues to affect people across the world: in 2021, Kaspersky detected affected users in 185 countries or\r\nterritories.\r\nhttps://securelist.com/the-state-of-stalkerware-in-2021/106193/\r\nPage 2 of 10\n\nAs in 2020, Russia, Brazil, the United States and India are, again, the top four countries with the most identified single\r\naffected users. Interestingly, Mexico has fallen from fifth to ninth place and Algeria, Turkey and Egypt have entered the top\r\n10. They have replaced Italy, the United Kingdom and Saudi Arabia, which are no longer in the top 10 countries most\r\naffected by stalkerware.\r\nCountry Affected users\r\n1 Russian Federation 7541\r\n2 Brazil 4807\r\n3 United States of America 2319\r\n4 India 2105\r\n5 Germany 1012\r\n6 Iran (Islamic Republic of) 891\r\n7 Algeria 665\r\n8 Turkey 660\r\n9 Mexico 657\r\n10 Egypt 640\r\nTable 1 – 2021’s top 10 countries affected by stalkerware – globally\r\nIn this year’s report, we provide more detailed regional statistics with numbers for Europe, Asia-Pacific, Latin America,\r\nNorth America, Russia and Central Asia and the Middle East and Africa.\r\nIn Europe, the total number of single affected users was 4,236 in 2021. Germany, Italy and the United Kingdom rank at the\r\ntop of the list, repeating their top rankings last year. Austria has been replaced in the top 10 by Czechia.\r\nCountry Affected users\r\n1 Germany 1012\r\n2 Italy 611\r\n3 United Kingdom of Great Britain and Northern Ireland 430\r\n4 France 410\r\n5 Poland 321\r\n6 Spain 321\r\n7 Netherlands 165\r\nhttps://securelist.com/the-state-of-stalkerware-in-2021/106193/\r\nPage 3 of 10\n\n8 Romania 125\r\n9 Belgium 94\r\n10 Czechia 82\r\nTable 2 – 2021’s top 10 countries affected by stalkerware – Europe\r\nIn Russia and Central Asia, the total number of single affected users was 9,207. The top three countries were Russia,\r\nUkraine and Kazakhstan.\r\nCountry Affected users\r\n1 Russian Federation 7541\r\n2 Ukraine 490\r\n3 Kazakhstan 461\r\n4 Belarus 250\r\n5 Uzbekistan 223\r\n6 Azerbaijan 92\r\n7 Republic of Moldova 51\r\n8 Tajikistan 49\r\n9 Kyrgyzstan 40\r\n10 Turkmenistan 19\r\nTable 3 – Eastern Europe (excluding EU countries), Russia and Central Asia\r\nIn the Middle East and Africa region, the total number of affected users in the entire region was 6,270 with Turkey, Egypt\r\nand Saudi Arabia having the most affected users.\r\nCountry Affected users\r\n1 Turkey 660\r\n2 Egypt 640\r\n3 Saudi Arabia 575\r\n4 Kenya 271\r\n5 South Africa 240\r\n6 United Arab Emirates 143\r\n7 Nigeria 123\r\n8 Kuwait 68\r\n9 Oman 58\r\n10 Ethiopia 46\r\nTable 4 – 2021’s top 10 countries affected by stalkerware – Middle East and Africa\r\nIn APAC, the total number of affected users was 4,243. India was substantially ahead of other countries with 2,105 single\r\nusers affected. It was followed by Indonesia and Vietnam.\r\nCountry Affected users\r\n1 India 2105\r\n2 Indonesia 353\r\n3 Vietnam 258\r\n4 Philippines 240\r\n5 Malaysia 229\r\nhttps://securelist.com/the-state-of-stalkerware-in-2021/106193/\r\nPage 4 of 10\n\n6 Australia 205\r\n7 Bangladesh 169\r\n8 Japan 167\r\n9 Pakistan 98\r\n10 Sri Lanka 83\r\nTable 5  – 2021’s top 10 countries affected by stalkerware – Asia Pacific\r\nThe Latin America and Caribbean region ranking was dominated by one country: Brazil, which represented 72.5% of the\r\ntotal number of affected users in the region (and accounts for roughly 32% of the region’s population). Brazil was followed\r\nby Mexico and Colombia. The entire region had 6,609 affected users.\r\nCountry Affected users\r\n1 Brazil 4807\r\n2 Mexico 657\r\n3 Colombia 202\r\n4 Ecuador 192\r\n5 Peru 179\r\n6 Argentina 90\r\n7 Chile 73\r\n8 Venezuela 58\r\n9 Bolivia 46\r\n10 Haiti 36\r\nTable 6 – 2021’s top 10 countries affected by stalkerware – Latin America\r\nFinally, in North America, the United States accounted for 87% of all affected users in the region, which was expected given\r\nthat its population is ten times larger than that of Canada. The total number of affected users in North America, excluding\r\nMexico which has been included with the Latin America data, is 2,666.\r\nCountry Affected users\r\n1 United States of America 2319\r\n2 Canada 347\r\nTable 7 – 2021’s affected users by stalkerware – North America\r\nCommon functionalities of stalkerware applications\r\nThis section lists the stalkerware applications that are the most used to control mobile devices on a global level. Cerberus\r\nand Reptilicus were the most used stalkerware applications with 5,575 and 4,417 affected users, respectively, globally.\r\nApplication name Affected users\r\n1 Cerberus 5,575\r\n2 Reptilicus (aka Vkurse) 4,417\r\n3 Track My Phones 1,919\r\n4 AndroidLost 1,731\r\n5 MobileTracker Free 1670\r\n6 Hoverwatch 1,094\r\n7 wSpy 1,050\r\nTable 8 – 2021’s top list of stalkerware applications\r\nhttps://securelist.com/the-state-of-stalkerware-in-2021/106193/\r\nPage 5 of 10\n\nStalkerware applications can give tremendous power and access to its users, depending on the applications and whether they\r\nare used in free or paying mode. Some of them are marketed as anti-theft or parental control applications, however, they are\r\ndifferent in many ways, beginning with the fact that they work in stealth mode without the consent and knowledge of the\r\nvictim.\r\nMost of the popular applications provide common stalkerware functionality such as:\r\nHiding app icon\r\nReading SMS, MMS and call logs\r\nGetting lists of contacts\r\nTracking GPS location\r\nTracking calendar events\r\nReading messages from popular messenger services and social networks, such as Facebook, WhatsApp, Signal,\r\nTelegram, Viber, Instagram, Skype, Hangouts, Line, Kik, WeChat, Tinder, IMO, Gmail, Tango, SnapChat, Hike,\r\nTikTok, Kwai, Badoo, BBM, TextMe, Tumblr, Weico, Reddit etc.\r\nViewing photos and pictures from phones’ image galleries\r\nTaking screenshots\r\nTaking front (selfie-mode) camera photos\r\nAre Android OS and iOS equally affected by stalkerware?\r\nStalkerware tools are less frequent on iPhones than Android devices because iOS is traditionally a closed system. However,\r\nperpetrators can work around this limitation on jailbroken iPhones, but they still require direct physical access to the phone\r\nto jailbreak it. iPhone users who fear surveillance should always keep an eye on their device.\r\nAlternatively, an abuser can offer their victim an iPhone – or any other device – with pre-installed stalkerware. There are\r\nmany companies that make these services available online, allowing abusers to have these tools installed on new phones,\r\nwhich can then be delivered in factory packaging under the guise of a gift to the intended victim.\r\nThe use of stalkerware may be decreasing, but violence is not\r\nWhile we observe a decrease of 39% of affected users from our 2020 data, the fight against stalkerware and against cyber\r\nviolence is far from over. The number of affected users and some of the behaviors and perceptions around the use of\r\nstalkerware are still concerning. In November 2021, Kaspersky commissioned a global survey of more than 21,000\r\nparticipants in 21 countries on their attitudes towards privacy and digital stalking in intimate relationships. While the\r\nmajority of respondents (70%) do not believe it is acceptable to monitor their partner without consent, a significant share of\r\npeople (30%) doesn’t see any issue with it and find it acceptable under certain circumstances. Of those who think there are\r\njustifiable reasons for secret surveillance, almost two thirds would engage in the behavior if they believed their partner was\r\nbeing unfaithful (64%) or if it was related to their safety (63%) and half would if they believed their partner was involved in\r\ncriminal activities (50%).\r\nHigh-speed internet in conjunction with the rapid spread of information and communication technology (ICT) has supported\r\ncyber-violence by creating another tool for abusers to share violent and dangerous materials or engage in behaviors that\r\naffect emotional, psychological or physical damage. While these technologies have given people the ability to maintain\r\nsocial and emotional relationships across wide-ranging physical distances, ICT has also enabled cyber-violence – a\r\nconsequence that’s far-reaching effects extend to the offline world with real-life negative impacts on its victims.\r\nThe results of our survey corroborate this, with 15% of respondents worldwide being required by their partner to install a\r\nmonitoring app and 34% of those also experiencing physical and/or verbal abuse by that intimate partner.\r\nWhile it is too early to make definitive conclusions on the decrease of affected users in 2021, there are two theories that\r\ncould explain this trend.\r\nFirstly, we believe that all aspects of our lives are still heavily impacted by the pandemic. Recent studies[1] show that new\r\nbehaviors are emerging across areas of life such as work, learning, home, consumption, communications and information,\r\ntravel and mobility. In short, people are staying at home more (49% avoid leaving their homes and 50% are working from\r\nhome partially or entirely), reducing face to face interactions (57% indicate that they are socially distancing from friends and\r\nthe community) and traveling, and shopping, educating and entertaining themselves increasingly online. From an abuser’s\r\npoint of view, this could result in less need to spy on their partner, who is now in their sight most of the time.\r\nSecondly, the Internet of Things (IoT) and digitization are now everywhere in our lives. It fills our daily routines and our\r\nhomes, cars and offices. While the opportunities and advantages are endless, many devices also enable tracking by third\r\nparties. Our research suggests that perpetrators might also use other means, aside from stalkerware, to track their partners,\r\nwith 50% of respondents to our survey indicating that they have been tracked through phone apps, another 29% mentioning\r\nthey had been traced through tracking devices, 22% through webcams and 18% through smart home devices.\r\nApple’s recent January 2022 publication of a safety manual for its AirTag product marks a shift in the perception of the\r\nsituation.\r\nhttps://securelist.com/the-state-of-stalkerware-in-2021/106193/\r\nPage 6 of 10\n\nNNEDV, the National Network to End Domestic Violence and WWP EN, the European Network for the Work with\r\nPerpetrators of Domestic Violence share with us their experience and views on these two theories and on tech abuse in\r\ngeneral.\r\nHow measures imposed by governments during the pandemic facilitated and reinforced perpetrators’ coercive\r\ncontrol – Berta Vall Castelló, Research and Development manager and Anna McKenzie, Communications manager at WWP\r\nEN\r\nThe European Network for the Work With Perpetrators of domestic violence (WWP EN) is a membership association of\r\norganisations directly or indirectly working with people who perpetrate violence in close relationships. The main focus of\r\nWWP EN is violence perpetrated by men against women and children. The mission of WWP EN is to improve the safety of\r\nwomen and their children and others at risk from violence in close relationships, through the promotion of effective work\r\nwith those who perpetrate this violence, mainly men.\r\nCoercive control is defined as “a pattern of abusive behavior designed to exercise domination and control over the other\r\nparty to a relationship. It can include a range of abusive behaviors – physical, psychological, emotional or financial – the\r\ncumulative effect of which over time robs victim-survivors of their autonomy and independence as an individual”\r\n(McGorrery and McMahon, 2020). As we write in our manual “Same Violence, New Tools – How to work with violent men\r\nwho use cyberviolence,” perpetrators isolate their partners and make them emotionally dependent. They use assaults, threats,\r\nintimidation, humiliation, isolation and more to create a constant sense of fear, as well as a general loss of a sense of\r\nfreedom. ICT technologies are powerful tools for perpetrators exerting coercive control, especially in relationships where\r\nviolence is already present offline.\r\nA recent review on domestic violence during the COVID-19 pandemic found that the measures imposed by the government\r\nduring lockdown facilitate and reinforce perpetrators’ coercive control. The authors suggested that the conditions of\r\nisolation/physical distancing imposed by the governments overlap with coercive control strategies used by perpetrators to\r\ncontrol their partners (Pentaraki and Speake, 2020). Considering these results, it seems likely that perpetrators feel less of a\r\n“need” to use stalkerware to exert coercive control over their partners. Moreover, recent research has observed that\r\ntechnology-facilitated abuse often escalates during a period of separation (George and Harris 2014; Woodlock 2016).\r\nTherefore, during a lockdown situation where couples were forced to stay together at home, they are less likely to use\r\ntechnology-facilitated abuse.\r\nWe must remember that a decrease in the use of stalkerware does not equal a decrease in overall intimate partner violence\r\n(IPV) during the pandemic. On the contrary, Boxall, Morgan and Brown (2020) note that IPV has increased during the\r\nCOVID-19 pandemic. Therefore, the results in this report indicate that stalkerware has been replaced with other tools. As\r\nElena Gajotto, from Italian NGO Una Casa per l’Uomo, remarks: “It is so easy to monitor and track someone, for example\r\nby using their Google account, that you don’t really need to use stalkerware.” The wide variety of possible technology-facilitated abuse might have had an impact on the decrease in the use of stalkerware specifically. Letizia Baroncelli, from\r\nItalian NGO Centro Ascolto Uomini Malttratanti (CAM), agrees and adds: “I think we see less stalkerware because there are\r\nso many other forms of perpetrating digital abuse.”\r\nHowever, NGOs, governments and researchers have reported a substantial increase in image-based abuse and sextortion\r\nsince the start of the pandemic (Boniello, 2020; CCRI, personal communication, June 2, 2020; FBI, 2020, 2021). It seems\r\nthat this type of technology-facilitated abuse has escalated, especially among teenagers and couples who do not live\r\ntogether. As Letizia Baroncelli notes: “Sharing personal pictures has increased a lot since the pandemic, especially among\r\nyoung perpetrators. They do not understand that they are committing a crime.” As Elena Gajotto adds: “Image-based abuse\r\ncauses devastating harm to the women who experience it, while the men don’t even understand that they did something\r\nbad.”\r\nSeveral WWP EN members have shared that the most common form of digital violence is men monitoring their partners’\r\ndigital activities, e.g. by checking emails, phones and social accounts. This is in line with observations from Daniel\r\nAntunovic, from Croatian NGO UZOR, who agrees that the ‘primitive’ forms of digital stalking are the ones he sees most\r\noften.\r\nAt WWP EN, we consider it key to focus on tech-facilitated abuse to ensure victim safety. Elena Gajotto adds: “Around half\r\nof the men share their digital violence, without realizing that this is abuse. If we don’t explicitly focus on this violence in our\r\nwork with perpetrators, it doesn’t come up.” Therefore, there is a need to increase the capacity of professionals working with\r\nperpetrators and professionals working with victims of domestic violence to screen for and intervene in cases of digital\r\nviolence. As Daniel Antunovic adds: “We haven’t encountered as many cases of digital violence as I expected since COVID-19. However, technology-facilitated abuse is in some ways like sexualized violence. It happens a lot, but it remains hidden.”\r\nThere is a growing rate of “smart devices” used in intimate partner violence – Toby Shulruff, Tech Safety Project\r\nManager at NNEDV\r\nNNEDVs Safety Net Project focuses on the intersection of technology, privacy, confidentiality, and innovation, as it relates\r\nto safety and abuse by advocating for policies, educating and training advocates and professionals in the justice system, and\r\nhttps://securelist.com/the-state-of-stalkerware-in-2021/106193/\r\nPage 7 of 10\n\nworking with communities, agencies, and technology companies to respond to technology abuse, support survivors in their\r\nuse of tech, and harness tech to improve services.\r\nWhile stalkerware is a common concern, there are many other tools available for tech abuse that may appear to be\r\nstalkerware, but are not. For example, personal information available online and the everyday features of devices and\r\naccounts can be used to find a person’s location or track their activity. The complexity and connections between devices,\r\naccounts, and information on the internet can make it difficult for victims and those who work with them to assess what’s\r\nhappening, and to implement an effective response. It can be terrifying and overwhelming for a survivor to realize an abuser\r\nknows multiple details about their everyday lives.\r\nUnfortunately, there is a growing rate of “smart” devices— including home assistants, connected appliances, and security\r\nsystems connected to WiFi networks and smartphones—used in intimate partner violence.\r\nIn a survey conducted by the NNEDV in December 2020 and January 2021, responses revealed an increase in every type of\r\ntech abuse during the pandemic. While phones are the technology most often misused, NNEDV’s needs assessment shows\r\nthis to be the case 87% of the time, “smart” or connected devices were also identified as technologies that are increasingly\r\nmisused in the context of tech abuse, seen regularly by about a third of support professionals.\r\nAs more people adopt the use of IoT devices, this will likely grow. These products are intended to increase convenience and\r\nefficiency. The manufacture of IoT devices is a rapidly emerging global market with both larger, well-established players as\r\nwell as many smaller, newer companies[2]. IoT is made possible by several overlapping trends in technology:\r\nminiaturization, increased processing capacity, increased data storage, decreased cost of manufacturing, and connectivity.\r\nDue to a variety of factors – market pressures, the rapid emergence of the technology, and the complexity of the IoT –\r\nprofound risks to security and privacy are increasingly apparent[3]. Smart home devices in particular are being misused in\r\nthe context of intimate partner violence to control, threaten, and cause harm to victims. [Researchers at the Gender + IoT\r\nproject at University College London[4] have been exploring these harms] [and proposing remedies in partnership with\r\nsupport professionals in the field.]\r\nNNEDV’s recent needs assessment documented increases in tech abuse tactics throughout the pandemic. We are concerned\r\nthat as we emerge from this public health crisis, abusers who have adopted these tactics or have increased their misuse of\r\ntechnology during this time will not have any incentive to discontinue this form of abuse. Recent research[5] suggests\r\nsupport professionals should ask about all kinds of tech abuse, including stalkerware and smart home devices. There is a\r\nstrong likelihood the spike in tech abuse support professionals have seen will stay with us. It’s imperative we continue to\r\nsupport victims, and work to prevent technology abuse.\r\nHow Kaspersky and its partners are collaborating to fight stalkerware\r\nThe threat of stalkerware is not just a technical problem: all parts of society need to be involved in resolving the issue. For\r\nthe past few years, Kaspersky has been at the forefront of the stalkerware debate. We are reaching out to public and private\r\nstakeholders to better understand this issue and find common solutions. We are contributing to the development of training\r\nmaterials and practical tools to support non-profit organizations, corporations, institutions and individuals with developing\r\nresilience to stalkerware. We are organizing and participating in webinars and roundtables with institutions to share our\r\nvoices and contribute to discussions that will shape tomorrow’s legislation.\r\nKaspersky is one of the co-founders and drivers of the Coalition Against Stalkerware (CAS) – an international working\r\ngroup dedicated to tackling stalkerware and combating domestic violence. The Coalition brings together organizations that\r\nwork with victims and abusers, digital activists and cybersecurity vendors. It is a unique platform that enables all relevant\r\nstakeholders to share best practices and join forces to tackle the issue of stalkerware.\r\nKaspersky is also one of the partners of the DeStalk project. Funded by the European Commission, this research project\r\naims to develop a strategy to train and support professionals working in victims support services and perpetrator\r\nprogrammes, officers of institutions and local governments along with other relevant groups. The consortium plans to\r\nupgrade and test existing tools for practitioners and is developing a regional pilot awareness campaign in Italy.\r\nIn 2021, we teamed up with INTERPOL and two respected non-profit organizations from the US and Australia to provide\r\nlaw enforcement officials with two online training sessions. These courses were attended by over 210 participants from\r\naround the world.\r\nAt the end of 2021, Kaspersky also participated in an event, “Combating violence against women in a digital age – utilising\r\nthe Istanbul Convention”, organized by the Council of Europe. This event was an opportunity to discuss the\r\nrecommendations of the Group of Experts on combating violence against women and domestic violence (GREVIO).\r\nTinyCheck: a tool to support victims of domestic violence\r\nKaspersky’s work with the TinyCheck tool is an initiative worth highlighting. It is a free, open-source tool developed and\r\nsupported by Kaspersky. Initially created to help NPOs protect victims of domestic violence and their privacy, TinyCheck\r\nfacilitates the detection of stalkerware on victims’ devices and on any OS in a simple, quick and non-invasive way without\r\nhttps://securelist.com/the-state-of-stalkerware-in-2021/106193/\r\nPage 8 of 10\n\nmaking the perpetrator aware. While security solutions can also check for and alert about stalkerware, they need to be\r\ninstalled on the device, so there is a risk of the perpetrator also being alerted. Developments like the TinyCheck tool aim to\r\nensure that survivors can use their devices without concerns about being surveilled.\r\nWith TinyCheck, no application needs to be installed on the device to perform the check, and the results of the check are not\r\ndisplayed on or transmitted to the potentially infected device. In addition, TinyCheck allows victims to check any device\r\nregardless of whether it uses iOS, Android or another OS. These features address the two major issues in the fight to protect\r\nusers against stalkerware. The tool has been developed to run on a Raspberry Pi, using a regular Wi-Fi connection.\r\nTinyCheck quickly analyzes a mobile device’s outgoing traffic and identifies Indicators of Compromise (IOCs), such as\r\ninteractions with known malicious sources like stalkerware-related servers. Currently, the tool uses IOCs collected not only\r\nby Kaspersky researchers but also by repositories maintained by independent security researchers (special thanks to Etienne\r\nMaynier, also known as Tek, from Echap and Cian Heasley). We hope that the community will continue this work by\r\nkeeping IOCs up-to-date.\r\nHaving said that, the limitations of TinyCheck need to be understood. The tool should be used with the following warning in\r\nmind: IOCs do not provide complete real-time detection of all stalkerware apps like an IT Security solution does. Therefore,\r\na result detecting no stalkerware does not exclude the possibility that stalkerware has been installed but not detected by\r\nTinyCheck.\r\nIn 2021, more NPOs in the field of domestic violence tested TinyCheck and provided feedback to help improve the service.\r\nPolice forces and judicial bodies in several countries have also taken an interest in the tool to better support victims.\r\n2021 has seen positive developments on the regulatory and institutional fronts\r\nAcross the world, 2021 has seen some positive developments in the fight against stalkerware from a regulatory and\r\ninstitutional point of view. In May 2021, the Diet, Japan’s parliament, enacted a bill to amend their stalker regulation law.\r\nUnder the revised law, in addition to other stipulations, obtaining location information of people’s smartphones through apps\r\nwithout their authorization is now illegal.\r\nIn August 2021, the Federal Trade Commission in the United States barred one app maker from offering stalkerware. It was\r\nthe first ban of its kind.\r\nOn August 17, 2021, the German Bundestag passed the “Act to Amend the Criminal Code – More Effective Combating of\r\nStalking and Better Coverage of Cyberstalking” (translated from German). The new law entered into force on October 1,\r\n2021, and now includes cyberstalking in their catalog of offenses. The change is because of continued technological\r\nprogress and the associated increase in cyberstalking, particularly via stalking apps or stalkerware. In addition, an important\r\npart of the new law is that it classifies a case as serious if the offender “in the course of an offense, uses a computer program\r\nwhose purpose is the digital spying on other persons.”\r\nThe Council of Europe has been very active on this topic in 2021. In its first recommendation on the “digital dimension” of\r\nviolence against women, the Council of Europe’s Group of Experts on Action against Violence against Women and\r\nDomestic Violence (GREVIO) defines and outlines the problems of both gender-based violence against women committed\r\nonline and technology-enabled attacks against women, such as legally obtainable tracking devices that enable perpetrators to\r\nstalk their victims. This was shortly followed in December 2021 by a legislative initiative report on gender-based\r\ncyberviolence that was adopted by the European Parliament. The report calls for (i) a common definition of gender-based\r\ncyberviolence and (ii) capacity building for stakeholders. It highlights stalkerware among the key methods of cyberviolence\r\nand “dismisses the notion that stalkerware applications can be considered parental control applications”. Following the\r\ngeneral recommendations of the Council of Europe, this report, although non-binding, is another positive official document\r\nhighlighting the stalkerware issue and pushing European states to adapt their legislations and actions to counter the issue.\r\nFinally, on March 8th, 2022, the European Commission published a proposal for a Directive of the European Parliament and\r\nof the Council on combating violence against women and domestic violence. The document covers cyber violence and\r\ndedicates two articles to cyber stalking (Art 8) and cyber harassment (Art 9) that it proposes to criminalize.\r\nThink you are a victim of stalkerware? Here are a few tips\r\nWhether or not you are a victim of stalkerware, here are a few tips if you want to better protect yourself:\r\nProtect your phone with a strong password that you never share with your partner, friends or colleagues\r\nChange passwords for all of your accounts periodically and don’t share them with anyone\r\nOnly download apps from official sources, such as Google Play or the Apple App Store\r\nInstall a reliable IT security solution like Kaspersky Internet Security for Android on devices and scan them regularly.\r\nHowever, in the case of potentially already installed stalkerware, this should only be done after the risk to the victim\r\nhas been assessed, as the abuser may notice the use of a cybersecurity solution.\r\nVictims of stalkerware may be victims of a larger cycle of abuse, including physical. In some cases, the perpetrator is\r\nnotified if their victim performs a device scan or removes a stalkerware app. If this happens, it can lead to an escalation of\r\nhttps://securelist.com/the-state-of-stalkerware-in-2021/106193/\r\nPage 9 of 10\n\nthe situation and further aggression. This is why it is important to proceed with caution if you think you are being targeted\r\nby stalkerware.\r\nReach out to a local support organization: to find one close to you, check the Coalition Against Stalkerware\r\nwebsite.\r\nKeep an eye out for the following warning signs: these can include a fast-draining battery due to unknown or\r\nsuspicious apps using up its charge and newly-installed applications with suspicious access to use and track your\r\nlocation, send or receive text messages and other personal activities. Also check if your “unknown sources” setting is\r\nenabled, it may be a sign that unwanted software has been installed from a third party source. It is important to note\r\nthat the above signs are only symptoms of possible stalkerware installation, not a definitive indication.\r\nDo not try to erase the stalkerware, change any settings or tamper with your phone: this may alert your potential\r\nperpetrator and lead to an escalation of the situation. You also risk erasing important data or evidence that could be\r\nused in a prosecution.\r\n[1]\r\n https://www.pwc.com/us/en/industries/consumer-markets/library/covid-19-consumer-behavior-survey.html;\r\nhttps://www.mckinsey.com/~/media/mckinsey/industries/retail/our%20insights/how%20covid%2019%20is%20changing%20consumer%20behavior%20n\r\ncovid-19-is-changing-consumer-behaviornow-and-forever.pdf;\r\n[2]\r\n Internet Society. (2015). The Internet of Things: An overview. https://www.internetsociety.org/wp-content/uploads/2017/08/ISOC-IoT-Overview-20151221-en.pdf or https://www.internetsociety.org/iot/\r\n[3]\r\n Internet Society. (2015). The Internet of Things: An overview. https://www.internetsociety.org/wp-content/uploads/2017/08/ISOC-IoT-Overview-20151221-en.pdf or https://www.internetsociety.org/iot/\r\n[4]\r\n Tanczer, L., Neira, I. L., Parkin, S., Patel, T., \u0026 Danezis, G. (2018). The rise of the Internet of Things and implications for\r\ntechnology-facilitated abuse. University College London.\r\n[5]\r\n Freed, D., Palmer, J., Minchala, D., Levy, K., Ristenpart, T., \u0026 Dell, N. (2017). Digital technologies and intimate partner\r\nviolence: A qualitative analysis with multiple stakeholders. Proceedings of the ACM on human-computer interaction,\r\n1(CSCW), p.1-22.\r\nSource: https://securelist.com/the-state-of-stalkerware-in-2021/106193/\r\nhttps://securelist.com/the-state-of-stalkerware-in-2021/106193/\r\nPage 10 of 10",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://securelist.com/the-state-of-stalkerware-in-2021/106193/"
	],
	"report_names": [
		"106193"
	],
	"threat_actors": [],
	"ts_created_at": 1775434703,
	"ts_updated_at": 1775791327,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/64f0e5dbeece202a2a9b53eb7ec9a5aebfa2c922.pdf",
		"text": "https://archive.orkl.eu/64f0e5dbeece202a2a9b53eb7ec9a5aebfa2c922.txt",
		"img": "https://archive.orkl.eu/64f0e5dbeece202a2a9b53eb7ec9a5aebfa2c922.jpg"
	}
}