Hello Community! I wanted to share Kelvin's latest Weekly Threat article with you. (If you missed it, we did this last week too.) I find these helpful and hope that you do too.

Stalkerware

Sometimes a file’s determination can change over time. What was considered good years ago might now be bad and what might have been suspicious in the past might now be considered OK by the security industry at large.



While you might consider threat research to be all about geeky behavioural and file analysis, sometimes huge changes can happen in determinations based on moral or philosophical debate. One woman has spearheaded a recent campaign that looks set to change the way we think about Stalkerware. Eva Galperin had been helping out abuse victims for a year before she decided to start a crusade against this entire industry.

Hacker Eva Galperin (@evacide) presenting on the topic in Singapore last week

What is Stalkerware?

Imagine you get a present of a phone from a partner. Over the next while you notice that they seem to know everything about your movements and private life. Stalkerware programs are designed to be completely hidden from view and they give their operators almost full access to everything on a phone. They are often marketed to help “stop cheaters” but they have a history of being a favored tactic of controlling and violent lovers. Pictures and private data can later be used to extort and control the victim.



This kind of software comes with many different labels: child monitoring, employee monitoring, spouse monitoring etc. It’s also not limited to mobile and has been long available for other platforms such as Windows. This software is mostly sold openly and legally by companies making tidy profits.

What Can We Do About it?

Webroot has been blocking the vast majority of this mobile software for years. A recent review of our practices meant our mobile threat team had very little extra to reclassify to align ourselves with this global shift in thinking. If you suspect you might be a victim of this kind of spying, there is help out there and your AV provider would be a good place to start.

More Email Hijacking

Following my recent blog and other similar articles, more reports of email/conversation hijacking are appearing online. This time real email conversations are being hijacked to help push Emotet. Emotet is a ferociously dangerous piece of modular malware that can spread across a whole network in minutes dropping all kinds of other malware so don’t be the one to fall for this trick.