James Martin/CNET

Antivirus apps are supposed to protect you from attacks on your devices, but for years, stalkerware has evaded their scrutiny.

On Wednesday, Kaspersky Lab said it would start flagging stalkerware as malicious, and warn people through its Android app when stalkerware is installed on their phones. In 2018 Kaspersky Lab detected stalkerware on 58,487 mobile devices.

Kaspersky Lab

There's likely much more out there; the cybersecurity company can detect it only in devices running Kaspersky's antivirus software.

Stalkerware, which Vice's Motherboard has reported on extensively, is frequently used by stalkers and abusers to spy on people through their phones. It essentially turns victims' phones into surveillance devices, letting an attacker track a person's every step and listen in on every word.

Stalkerware is quietly installed on people's devices, and then accesses personal data including GPS location, text messages, photos and microphone feeds. You don't have to be an expert to get your hands on it -- stalkerware is sold online, for as little as a few hundred dollars. Some purveyors offer subscription plans for $68 a month, according to Kaspersky Lab.

Researchers from Cornell University, Hunter College and New York University found in 2018 that many antivirus programs don't flag known stalkerware apps, many of which are marketed as tools for parents tracking children or people tracking stolen devices.

Kaspersky Lab said it was motivated to start flagging stalkerware apps after speaking with Eva Galperin, the Electronic Frontier Foundation's head of cybersecurity.

"As a result, we now flag commercial spyware with a specific alert which warns users of the dangers stalkerware poses," Alexey Firsh, a security researcher at Kaspersky Lab, said in a statement. "We believe users have a right to know if such a program is installed on their device."

Galperin told WIRED that she expects Kaspersky Lab's new initiative to set an industry standard among antivirus companies.

Kaspersky Lab's scan will now detect stalkerware apps and give users the option to delete them. The protection is available on Android devices, because stalkerware isn't as prevalent on iOS, Kaspersky Lab said.

Symantec, an antivirus company that owns Norton, said it also blocks spyware and stalkerware, which its software considers malicious. One type of protection it offers is flagging when location information is being sent from apps, a Symantec spokesperson said.

A Malwarebytes spokesperson said the company has been enforcing against stalkerware since 2014.

Lookout, a mobile security app, said it's also been tackling this as a serious security threat.

"We've been flagging and fighting this kind of spouseware/stalkerware at Lookout for years, as it is a constant problem in the mobile security space," a spokesperson said in a statement.



Originally published April 3 at 10:01 a.m. PT.

Update, 1:50 p.m. PT: Adds responses from other antivirus companies.