Antivirus Software Is Getting Better at Detecting Stalkerware

Analysts from the independent lab AV-Comparatives and the Electronic Frontier Foundation (EFF) have found that the detection of stalkerware apps on Android and Windows devices is gradually improving. Stalkerware refers to commercial spyware that is marketed as legal software. It allows someone to access personal data stored on other users’ smartphones and tablets.

Stalkerware often disguises itself as parental control apps, employee monitoring tools, or even remote access utilities intended for corporate use. Typically, this software is used for secretly monitoring people, including by perpetrators of domestic abuse, and therefore poses serious risks to those whose devices are targeted.

The experts published a report showing that their research was divided into two phases: the first in November 2019 and the second in May 2020. For testing, researchers selected 20 stalkerware samples for Android and 10 for Windows, based on the popularity of these products in the United States.

It turned out that 10 mobile antivirus apps for Android and 10 antivirus products for Windows have become quite effective at detecting some of the most common types of stalkerware. As a result, many antivirus companies significantly improved their detection rates between November 2019 and May 2020.

Detection Rates Are Rising

According to AV-Comparatives analysts, in November 2019, the detection rate for spyware apps on Android ranged from 30% to 95%, with two products detecting less than 50% of test cases. During the same period, the overall detection rate for stalkerware on Windows was even lower than on Android: the best result was just 70%, and only two security products reached that level.

Six months later, in May 2020, most products for both Android and Windows had significantly increased their stalkerware detection rates. Nine out of ten Android products detected between 75% and 95% of malicious samples. All Windows products improved to at least 70%, and four programs achieved a perfect 100% detection rate.

Cybersecurity Industry Responds to the Threat

Experts say the results of this study are encouraging, as they show the cybersecurity industry is finally starting to take stalkerware seriously. Since 2018, the Electronic Frontier Foundation has been pushing the industry to classify such products as malicious and to raise user awareness about this threat. Since then, more antivirus companies have added rules for detecting spyware to their products, and some have even joined the Coalition Against Stalkerware, a nonprofit group aimed at increasing awareness of this issue.

According to Kaspersky Lab, the number of mobile device users in Russia attacked by stalkerware tripled in 2019.