You may have heard about some of the different types of malicious software that can be installed on your device to track your activity and effectively turn your device into a “mic.” Sounds a little scary – does such software represent a real danger?
Imagine checking your phone and suddenly seeing this message: “We know your password is XYZ – and we know much more than that! Unless you pay us, private videos of you will be sent to your all contacts.” Reading an email like this would no doubt leave the recipient anxious. However, cyber blackmail and sextortion scams are often presented as more terrifying than they really are, but this does not make them less of a real issue.
If you have ever received an email like this, the cyberattackers likely have nothing more on you than your password. Cybercriminals searching for leaked login credentials on the dark web is a basic practice, and they then use the passwords to blackmail and/or pressure people into sending them money or data. But is it possible that someone is actually stalking you via your device?
Unfortunately, the answer is yes. Various forms of malware may be used to track your activity without you knowing.
- Spyware monitors someone’s activity to obtain sensitive data (like login credentials or payment details) to sell on the dark web. The malware is hidden and installed without consent, for instance, from phishing emails or website links. Spyware is typically not directly targeted at a specific victim-its goal is to get into as many devices as possible.
- Stalkerware has to be physically and deliberately installed onto your device (unlike spyware), often by someone you know – such as a suspicious partner. this means the malware targets one specific person and is often installed for personal reasons. It can track a user’s activity on their device, but it usually isn’t used to obtain login credentials or payment details.
- Bossware is software used to monitor employees’ activity on their work devices. Since the pandemic and the drastic increase in remote work, bossware has become more common. It can be installed legally and should be used purely for occasional work-related monitoring. However, it can represent a privacy issue since employees often cannot determine how much information it tracks or for what purpose.
If you ever receive an email urging you to pay money unless you want your personal footage released, don’t fall for it – it is likely just a trap. Still, it pays off to check your device and make sure there are no signs of spyware in it.
How to recognise if you’ve been compromised
- Unusual changes in your device’s performance. Malware may need to use your internet data and battery to function, resulting in faster battery drain, spikes in internet data usage, or slower response time. While these signs may not be a concern, consider further checking your computer for any unusual finds.
- Unknown apps on your computer. Try to do a malware scan, and check which apps are currently running on your device. Consult with your IT team if you don’t know some of them.
- Strange videos or pictures. Criminals may take videos of you through your webcam and send the footage to themselves, but sometimes they leave traces, such as unusual videos or photographs. If you find any of those in your folders, contact IT to get your device checked.
- Your camera’s control light goes on without you using it. Even though cybercriminals may be able to turn the light off, sometimes they fail to deactivate it.
- Your settings are changed. Cybercriminals may try to change your settings and make their malicious attempts easier for themselves. Check your security settings, and if you see that they have been disabled without you knowing, contact your IT team.
You’ve got a message from a hacker – what now?
- Don’t panic. Before you do anything, remember that cybercriminals often hope to manipulate you into rushed actions using false information, so anything stated in their message may be untrue.
- Don’t interact. The messages may include hidden malware, so avoid clicking on any links, attachments, or images.
- Don’t pay. Paying cybercriminals only helps them to continue with their illegal businesses, and in most cases, not paying the ransom may not lead to any consequences.
- Don’t leave your accounts unsecured. Cybercriminals may target their victims based on lists of leaked credentials. Try to regularly change your passwords, use different passwords for each of your accounts, and use a password manager so you can keep track of them. If you want to know whether your credentials have ever been leaked, visit Have I Been Pwned?
The truth of the matter is that malicious software does present a significant risk. While there are plenty of valid and beneficial uses for activity-tracking applications, more software developers are creating ways to exploit user data and privacy in order to make money. It is important to always remain vigilant and exercise good security practices on all your devices. A few moments of caution can save you a lot of trouble down the road!
Want to learn more about ESET? Visit us at www.eset.com/uk.