Cybersecurity companies are partnering with domestic violence prevention organizations to take on stalkerware -- tools widely used by abusive partners to track victims without their knowledge. In October, the Federal Trade Commission, but this new coalition is looking to do more.
On Tuesday, ten groups announced they were creating the Coalition Against Stalkerware, which aims to help affected victims and spread awareness about the stalking tool. The groups include cybersecurity companies like Kaspersky, Malwarebytes, NortonLifeLock, along with organizations like the National Network to End Domestic Violence and Operation Safe Escape.
Stalkerware is frequently used by stalkers and abusers who quietly download the tracking apps onto victims' phones. The apps send constant updates like a person's location data, phone calls, text messages, photos and microphone feeds. These apps are often disguised as "family tracking apps," and can slip by antivirus programs and app stores.
Eva Galperin, who heads cybersecurity for the Electronic Frontier Foundation, called for antivirus companies to start flagging stalkerware in April. The coalition announced Tuesday is a collaborative effort toward that end.
"Stalkerware, used for spying on phones and computers in domestic abuse or harassment situations, is a very serious problem, and it often goes hand in hand with other forms of abuse, up to and including physical violence," Galperin said in a statement. "The ubiquity of stalkerware is a complex problem and we need stakeholders from all parts of society in order to fight it effectively."
Companies like Malwarebytes and Symantec, which owns Norton, said they have been acting against stalkerware for years. Kaspersky first announced that it would start taking action against stalkerware in April.
Part of the issue is that even though multiple security companies work to block stalkerware, they can only detect what's within their own networks. Kaspersky noted that in 2018, it detected stalkerware on 58,487 mobile devices, but that's only on phones using its antivirus software.
By working together and sharing resources, information on a new stalkerware variants discovered by Kaspersky can be provided to other cybersecurity companies and automatically blocked, for example.
The Russian cybersecurity company said it has spotted 380 new variants of stalkerware this year, nearly one-third more than the amount it discovered in 2018.
"In order to counter this issue, it is important for cybersecurity vendors and advocacy organizations to work together," Vyacheslav Zakorzhevsky, Kaspersky's head of anti-malware research, said in a statement. "The IT security industry gives its input by improving detection of stalkerware and better notifying users of this threat to their privacy."
The coalition launched a new website on Tuesday at www.stopstalkerware.org to serve as a resource for victims of stalkerware. It'll have tips on how to check if they've been infected by stalkerware and what steps they should take to protect themselves.
"Studies have shown that 70% of women victims of cyberstalking also experienced at least one form of physical or/and sexualised violence from an intimate partner," Anna McKenzie, communications manager at the European Network for the Work with Perpetrators of Domestic Violence, said in a statement. "We need to stop perpetrators from using their partners' phones for stalking and hold them accountable for their violence."
The coalition had been in the works since late July, said David Ruiz, an online privacy writer for Malwarebytes. For years, security companies had disagreed on what they classify as stalkerware, which meant that some antivirus programs blocked certain apps while others didn't.
The group established a standard definition for stalkerware, focusing on non-consensual tracking of victims' devices. The hope is that more security companies will join the coalition, Ruiz said.
"Working with other cybersecurity companies is pivotal to the success of this group," he said. "We can share detection samples, and we can have an agreement to engage in that kind of information sharing."