Spyware

Spyware is software installed on a device, with or without the owner’s knowledge, that exfiltrates data to a third party. The category covers a spectrum from consumer-grade stalkerware (mSpy, FlexiSpy, Cocospy, sold on the open web for $30 a month, marketed as parental control) to mid-tier commercial implants (Predator, Hermit, sold to law enforcement) to nation-state mercenary tools (Pegasus, sold only to governments).

What it means in practice

The capability scales with the price tier. Consumer stalkerware reads SMS, captures call logs, mirrors WhatsApp and Telegram, tracks GPS, takes ambient photos. Installation requires physical access to the device and the unlock code; once installed, the icon hides and the app survives reboot. Commercial spyware adds zero-day exploitation: no physical access required, deployed via SMS, email, malicious link, or pure zero-click chains over messaging apps. Detection is nearly impossible at the consumer level (stalkerware is designed to be invisible to the device user), and possible-but-difficult at the mercenary level (requires specialist forensic analysis). The threat landscape has shifted from “is this person tech-savvy enough to install it” toward “did someone with $30 and 10 minutes of access to your phone install it last weekend.”

Who is targeted, and by whom

Consumer stalkerware is overwhelmingly deployed by abusive partners (active or former) against women, by controlling parents against teenagers, by employers against employees in jurisdictions where it is legal. Coalition Against Stalkerware (operated by EFF, Kaspersky, NNEDV, and others) tracks documented cases and has published removal guides for the major products. Commercial and nation-state spyware is deployed by law enforcement against criminal targets and by intelligence services against journalists, activists, and political opposition (see Pegasus). The targeting overlap is small: most journalists will never face Pegasus but might face an ex-partner installing mSpy. Both threats require different defenses.

What you can change today

If you suspect your device was compromised by a partner or family member with physical access, do not factory-reset alone (the reset can destroy forensic evidence needed in a future legal case). Steps in order: photograph the device screen and the suspicious app list before doing anything, get a clean phone (any working device, not from the same household), document the dates of suspected installation, contact a domestic-violence advocate or the Coalition Against Stalkerware for the documented removal procedure, then do the reset. For mercenary-tier suspicion (you reported on intelligence services and your phone is acting strange), do not factory-reset, do not power off, contact Citizen Lab or Amnesty Security Lab through a different device.

Related articles