Antivirus companies, anti-abuse nonprofits join forces to combat stalkerware

More cybersecurity companies are taking the software seriously, even though the apps are not typically flagged as malicious.
(Getty Images)

An array of businesses and nonprofits are stepping up their efforts to counter “stalkerware,” the surveillance software that has been linked with domestic abuse.

The Coalition Against Stalkerware, unveiled Tuesday, comprises antivirus companies Avira, Kaspersky, and Malwarebytes; digital rights group Electronic Frontier Foundation; and organizations such as the National Network to End Domestic Violence.

The initiative draws attention to shady mobile apps that are advertised to monitor workplaces or children but are often used by abusive spouses or partners. The cybersecurity industry has traditionally not flagged such apps as malicious, but there is a growing effort to do so.

For now, the coalition is offering its website to educate the public on stalkerware and to exchange ideas on ethical software development. Organizers are aiming to grow the coalition into a forum for law enforcement, corporations, and nonprofits to collaborate in countering stalkerware.


The coalition’s website will also offer a list of indicators that users can check to see if they suspect they are victims of stalkerware, along with nuanced advice on how to deal with a compromise. It may not always make sense, the coalition said, to immediately remove stalkerware from a mobile phone because that “could erase evidence critical to a law enforcement investigation.”

Following a push by Eva Galperin, EFF’s director of cybersecurity, for the industry to take stalkerware more seriously, antivirus companies have stepped up. In April, Kaspersky announced a feature for Android phones that flags stalkerware as malicious.

There are a lot of bad apps to flag: Kaspersky said that in 2019 stalkerware has directly affected more than 37,000 users— a 35 percent jump in cases from 2018.

“I think there are a lot of people that are interested in this issue and they don’t necessarily know what to do,” Galperin told CyberScoop, adding that the coalition can serve as that focal point for countering stalkerware.  “It’s my hope that detecting stalkerware will become the new norm in the antivirus industry.”

Vyacheslav Zakorzhevsky, head of anti-malware research at Kaspersky, said that members of the coalition would leverage their respective areas of expertise.


“The IT security industry gives its input by improving detection of stalkerware and better notifying users of this threat to their privacy,” Zakorzhevsky said. “Meanwhile, service and advocacy organizations directly work with victims of domestic violence, know their pain points and requests, and can guide our work.”

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts