Alexey Firsh said in a detailed blog post that this was a small number compared to other kinds of threats; for example, during the same year, 187.321 users were found to have encountered ransomware.
But there was a difference. "...it should be noted that when it comes to malware, our figures show how many people we were able to protect from infection," Firsh said. "But when we look at stalkerware, the situation is a bit different."
He said of the devices that were detected as having stalkerware, about 35,000 were infected before they had a Kaspersky Lab product installed and ran the first security scan. A total of 26,619 unique samples of stalkerware programs were found.
Said Firsh: "For example, a consumer surveillance program works like this:
- "The command and control server (C2) is provided by the service owners; and
- "It is easy to buy and deploy than spying malware. There is no need to use shady hacking forums and have programming skills – in almost all cases it requires a simple manual installation."
He said it was important to differentiate stalkerware from commercial programs that were used to locate a stolen/lost device or to facilitate parental control.
"Firstly, they [stalkerware] are distributed through dedicated landing pages – a direct violation of Google Play safety recommendations," Firsh pointed out.
"Secondly, these apps have functionality that allows them to invade the privacy of an individual without their consent or knowledge: the application icon can be hidden from the applications menu, while the app continues to run in the background, and some functions of the app fulfil surveillance tasks (such as recording the victim’s voice).
"Some even delete traces of their presence from the phone, along with any installed security solutions once the attacker manually grants the application with root-access."
Kaspersky Lab released an additional feature in its security app for Android on Wednesday so that it would detect common stalkerware.
Firsh said there was no need to prove the negative effects of commercial spyware, as its initial concept was completely unethical.
"However, there are many layers of other threats that these programs bring to a user who installs them. They breach the legislation of mobile application stores, breach security and make the data of stalked victims vulnerable to hacker exploitation.
"Later, that data can be used in all kind of malicious activities – from financial extortion to identity theft. We can also safely say that there are people who benefit from this and can access this data, while their own identities, origins and location remain unknown."