Harassment software detection rates improve for antivirus products

Harassment software detection rates improve for antivirus products Cybersecurity

Detection rates for “stalkerware” applications on Android and Windows devices are improving slowly, according to the results of a seven-month research project led by independent antivirus testing laboratory AV-Comparatives and the Electronic Frontier Foundation . The study [PDF], published earlier this week, took place in two phases, the first in November 2019, and the second in May 2020.

Researchers examined how ten Android antivirus applications for mobile devices and ten Windows antivirus products detected some of the most common stalking software strains today.

The stalkerware strains, twenty on Android and ten on Windows, were chosen by AV-Comparatives in collaboration with the Electronic Frontier Foundation (EFF), because of their popularity in the United States.

Harassment software detection rates improve for antivirus products

Image: AV comparisons

Study found that many antivirus companies have improved
their detection rate between the analysis of November 2019 and May 2020.

Harassment software detection rates improve for antivirus products
Green = harassment software detected; Red = harassment software not detected. Image: AV comparisons

Improved detection

Detection rates for Android products in November ranged from 30 to 95%, with two products detecting less than 50% of test cases, said AV-Comparatives. On Windows, the overall detection rate in November was low compared to Android; the highest detection rate was only 70%, and only two products reached this level.

“Six months later, in May, most products – both for Android and Windows – had improved detection rates,” said the test lab. On Android, 9 out of 10 products detected between 75% and 95% of test cases. On Windows, all products had improved their detection rate to at least 70%, with four programs reaching 100%.

The study results are encouraging, as they show that the cybersecurity industry is finally catching up with a type of malware threat that has often been overlooked.

Disguised practice

Stalkerware is a category of spyware, which is a type of malware that – as the name suggests – can be used to spy on people. The difference between tracking software and spyware is that tracking software is often presented online as legitimate software and is easily accessible, rather than being sold on pirate forums and underground chat rooms.

Stalkerware is often disguised as parental control software, employee tracking software and even a remote access tool for the corporate sector. However, the difference between legitimate applications and harassing software is that the latter include functions allowing them to hide their presence on the computer or smartphone on which they are installed.

While legitimate apps like parental control software and remote access tools are clearly visible when installed on a device, harassing software often uses deceptive generic process names or hides their shortcuts and icons application – in an attempt to follow the user without noticing.


Because of these characteristics, stalkers are often used by abusive partners to spy on their relatives, hence their alternative name of “spouseware”. In recent years, domestic violence organizations have warned of the growing number of domestic violence cases in which harassment software is involved.

Since mid-2018, the Electronic Frontier Foundation has been pushing the cybersecurity industry to detect these tools as malicious and to warn users accordingly. Since 2018, more and more antivirus companies have started adding harassment detection rules, and some have even joined the Harassment Coalition, a non-profit group to raise awareness about this threat.

The study released this week can be seen as a step in the right direction, as the antivirus industry now clearly views harassing software as malware – rather than viewing it as “dual-use software” that never started before. no type of warning or detection.

According to a Kaspersky report, the number of harassing software infections increased by 40% in 2019 compared to the previous year.

Source: ZDNet.com

Source: www.zdnet.fr

Rate article