Spyware is malicious software programmed to collect information without the user’s knowledge: as the name suggests, it acts as a spy.

As such, once it enters the targeted electronic device (computer, smartphone, tablet), it can observe and record everything that is stored there, from passwords to contacts in the address book, and all the activities that the user performs, from phone calls made to what is typed on the keyboard. Some spyware can even activate the camera and microphone and compromise the system’s functionality.

These “unwanted guests” are known even to non-experts in the field (and to those who, fortunately, have never been victims of them), because films, TV series, and the news all offer illustrious examples. Knowing that they exist, however, does not mean knowing how to defend oneself.

In this article, we will see what spyware is, what its main types are, and how it infiltrates users’ devices (with a couple of exemplary cases, drawn from fiction and reality). We will conclude with some tips for defending our devices (and our data) from an insidious and potentially very damaging threat.

  1. The main types of spyware
  2. How spyware spreads
  3. Spyware in fiction and reality
  4. How to defend yourself

The main types of spyware

Considering that there is no unique and internationally recognized malware taxonomy, and that the classification generally relies on the functionality and objectives of malicious software, it can be useful to clarify the nomenclature when dealing with spyware.

As we said, spyware is malware that collects information about the victim and transmits it to the attacker.

Spyware Vs Trojan Horse

When talking about “spyware,” it is inevitable to also talk about the “Trojan Horse” (or simply trojan): the two terms are often associated, and for this reason they are sometimes conflated. But they are not the same thing.

The Trojan Horse is an infection strategy: it is what carries the threats, and as such, it can contain any type of malware, from ransomware to spyware.

To succeed, it behaves like the Trojan horse of Greek mythology from which it takes its name: just as the apparently innocuous horse concealed the warriors who would invade the city, the Trojan Horse infiltrates the electronic device under false pretenses so as not to be recognized, and then acts undisturbed (releasing the malware it carries with it).

Having clarified this point, let’s go back to the types of spyware.

Other types of spyware

Infostealers (or Trojan Infostealer, if you want to refer to the “container” of the spyware) steal information: login data for various user accounts, browser and system data, email addresses, documents, etc. This is evidently a macro-category, given the variety of information found on PCs and smartphones.

At a finer degree of specialization, one can speak of Trojan IM (Instant Messenger), used for data theft from instant messaging, Trojan PSW (Password), for password theft, Trojan Mailfinder, specializing in email theft, and so on.

A particularly dangerous and feared category, as well as widespread, is that of Banking Trojans, programmed to capture the user’s online banking activities with the aim of cloning credit cards or hacking bank accounts (given the level of exposure, the banking sector is not surprisingly one of the most attentive and advanced in terms of cyber security).

Keyloggers are malware that spy on a user’s keyboard by recording all the activities performed on it, such as what is typed on the keyboard, searches made on the browser, and screenshots taken. Keyloggers are the quintessential spyware, “ideal” for pursuing illicit purposes such as stealing sensitive information, and as such are widely used in cybercrime.

As for digital interceptors, with a more neutral and also enigmatic name compared to the “speaking names” seen so far, these are programs that intercept written or telephone communications and are used for investigative – not fraudulent – purposes by competent authorities (subject to thorny political and legal debates to clearly and fairly define their boundaries of use).

How spyware spreads

The Trojan horse was brought within the walls of the city by the Trojans themselves. Does the same thing happen with digital Trojan horses that carry spyware? Unfortunately, very often, yes. The number of users who unwittingly open the doors of their home (i.e., their computer, tablet, or smartphone) to all kinds of malware, including spyware, is still very high.

The most elementary means that spyware can use to violate someone else’s electronic device are links and attachments. Hence, the first rule of cybersecurity: never click on suspicious links, nor open emails or related attachments of dubious origin.

Spyware can also hide in browser plugins or extensions, external storage devices such as USB drives, or smartphone apps. A more sophisticated level of infiltration involves the use of cookies, i.e., browsing data packages that websites store on the user’s computer.

Spyware exploits both social engineering techniques, which explains the infinity of deceptive messages used to induce users to “accept” the infected vector, and browser vulnerabilities. The outcome varies depending on the victim’s level of awareness, the security measures adopted, and the level of technology employed by the malicious software to bypass them.
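The "false pretenses" described above often come down to an attachment whose name promises a document while its content is a program. The following is an added example, not part of the original article: a small triage check a mail gateway or help desk could run on an attachment's name and first bytes. The extension lists, finding labels and sample attachments are constructed for illustration and are not exhaustive.

```python
import os

# Constructed, non-exhaustive lists for illustration.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk", ".msi"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
# Leading "magic" bytes of a few common formats.
MAGIC = [
    (b"MZ", "windows-executable"),
    (b"\x7fELF", "elf-executable"),
    (b"%PDF", "pdf"),
    (b"PK\x03\x04", "zip-container"),  # also .docx/.xlsx
    (b"\x89PNG", "png"),
    (b"\xff\xd8\xff", "jpeg"),
]
EXPECTED = {".pdf": "pdf", ".png": "png", ".jpg": "jpeg",
            ".docx": "zip-container", ".xlsx": "zip-container"}

def sniff(head):
    """Name the format implied by the first bytes of the file."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return "unknown"

def triage(filename, head):
    """Return reasons this attachment is not what its name claims."""
    findings = []
    stem, ext = os.path.splitext(filename.lower())
    inner_ext = os.path.splitext(stem.rstrip())[1]  # tolerate "a.pdf   .exe" padding
    if "\u202e" in filename:  # right-to-left override reverses the displayed name
        findings.append("rtl-override-in-name")
    if ext in EXECUTABLE_EXTS:
        findings.append("double-extension" if inner_ext in DOCUMENT_EXTS
                        else "executable-extension")
    kind = sniff(head)
    if kind.endswith("executable") and ext not in EXECUTABLE_EXTS:
        findings.append("executable-content-hidden-by-name")
    elif ext in EXPECTED and kind != EXPECTED[ext]:
        findings.append("content-does-not-match-extension")
    return findings

# Constructed samples: (attachment name, first bytes of the file).
SAMPLES = [
    ("report.pdf", b"%PDF-1.7\n"),
    ("invoice.pdf.exe", b"MZ\x90\x00"),
    ("photo.jpg", b"MZ\x90\x00"),
    ("notes.pdf", b"PK\x03\x04"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(f"{name!r}: {triage(name, head) or 'no findings'}")
```

An empty result only means none of these particular disguises was found; it is a first filter in front of a security product, not a replacement for one.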

Spyware in fiction and reality

The world of spyware and malicious hacking, in general, has gained popularity in recent years with the TV series Mr. Robot, released in Italy in 2016.

The protagonist is a skilled hacker, wearing a black hoodie as the stereotype dictates, mainly engaged against multinational high finance and technology companies (which, in the series, use the same means against their competitors and employees).

The series highlights themes of great topical, economic, social, and ethical relevance, all revolving around cybersecurity and its violation.

On the other hand, a case that has made headlines around the world in the last two years has nothing to do with fiction.

We’re talking about Pegasus, produced by the Israeli agency NSO Group and capable of accessing smartphones and all the data and features of the device through “zero-click” messages (which do not require any action on the user’s part).

According to NSO Group’s statements, Pegasus is a digital interceptor reserved for governments and law enforcement agencies, with the exclusive purpose of preventing and limiting criminal and terrorist acts.

According to the investigation by the non-profit organization Forbidden Stories, and according to the report by Amnesty International, which provided technical support for forensic analysis, Pegasus was also used to monitor groups of activists and political dissidents, journalists, and private citizens.

And that’s why it has been the subject of global attention and concern.  

How to defend yourself

Beyond the extreme cases that fiction and news occasionally bring to our attention, it is clear that spyware represents an insidious and potentially very harmful threat: knowing what spyware is, and therefore how to defend yourself, is essential for anyone who has a computer and a smartphone (that means everyone!).

The first and most important defense is self-defense, and self-defense starts with good security practices that we have to apply ourselves. Let’s remember the basic rules:

  • Do not click on links and do not download files or software from untrustworthy, little-known, unofficial, or otherwise suspicious sources.
  • Always keep your operating system up to date, as well as all installed programs and applications. Developers regularly release updates that often include patches for known vulnerabilities, which, if left unpatched, can be the gateway for delivering spyware.
  • Install a good security program: reliable, advanced, high-quality software capable of detecting and blocking the latest and most sophisticated threats.