Spyware
Definition
Spyware is a type of malicious software (malware) that secretly installs itself on a computer or mobile device to monitor the user's activities, collect sensitive personal information, and transmit that data to third parties without the user's knowledge or consent.
Main Content
1. Types of Spyware
- Keyloggers: These programs record every keystroke made on a keyboard. They are often used to steal login credentials, passwords, and credit card numbers.
- Adware: This software automatically delivers advertisements, often in the form of pop-ups or banners, to generate revenue for the developer while tracking browsing habits.
2. Modes of Delivery
- Software Bundling: Spyware is frequently hidden within legitimate software installers. Users unknowingly accept a "Terms of Service" agreement that includes the installation of the spyware.
- Phishing and Drive-by Downloads: Users may inadvertently install spyware by clicking on malicious email attachments or by visiting compromised websites that automatically trigger a download.
3. Impact on System Performance
- Resource Consumption: Because spyware runs in the background, it consumes CPU cycles and RAM, leading to sluggish system performance or frequent crashes.
- Network Degradation: By constantly sending data back to a remote server, spyware can significantly slow down internet connection speeds and increase data usage.
Working / Process
1. Infection and Installation
- The malware enters the system via an exploit, email attachment, or bundled software package.
- Once executed, it hides its process from the Task Manager or conceals its entries in the system registry to avoid detection by the user.
2. Monitoring and Data Collection
- The spyware tracks user interactions, such as URLs visited, search queries, and credentials entered into banking sites.
- It captures screenshots or records audio/video using the device’s microphone or webcam.
3. Exfiltration and Transmission
- The collected data is bundled into encrypted packages and sent via the internet to the attacker’s Command and Control (C2) server.
[Device] ----(Collected Data)----> [C2 Server]
   |                                   ^
   |                                   |
[Spyware] <---(Remote Commands)--------|
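A defender's view of the exfiltration step above, as an added example that is not part of the original notes: spyware that reports to a C2 server on a timer tends to produce evenly spaced, upload-heavy connections, which can be flagged in network flow logs. The record layout, host names, addresses and thresholds below are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records (not real traffic):
# (epoch_seconds, source_host, destination, bytes_out, bytes_in)
BASE = 1_700_000_000
FLOWS = (
    # Evenly spaced, upload-heavy: the pattern described in step 3.
    [(BASE + t, "ws-12", "203.0.113.50:443", 4200, 310)
     for t in (0, 300, 602, 899, 1201, 1500)]
    # Ordinary browsing: irregular timing, download-heavy.
    + [(BASE + t, "ws-12", "198.51.100.7:443", 900, 48000)
       for t in (10, 25, 400, 410, 1300, 1310)]
    # Benign update check: perfectly periodic but download-heavy.
    + [(BASE + t, "ws-07", "192.0.2.20:443", 200, 5000)
       for t in (0, 600, 1200, 1800, 2400, 3000)]
)


def find_beacons(flows, min_events=5, max_jitter=0.1, min_upload_ratio=2.0):
    """Return (src, dst) pairs whose connections are regular and upload-heavy."""
    groups = defaultdict(list)
    for ts, src, dst, out_b, in_b in flows:
        groups[(src, dst)].append((ts, out_b, in_b))

    findings = []
    for (src, dst), events in groups.items():
        if len(events) < min_events:
            continue  # too few samples to judge regularity
        events.sort()
        gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
        avg_gap = mean(gaps)
        # Coefficient of variation: near 0 means timer-driven traffic.
        jitter = pstdev(gaps) / avg_gap if avg_gap else 1.0
        sent = sum(e[1] for e in events)
        received = sum(e[2] for e in events)
        ratio = sent / max(received, 1)
        if jitter <= max_jitter and ratio >= min_upload_ratio:
            findings.append({"src": src, "dst": dst,
                             "interval_s": round(avg_gap, 1),
                             "jitter": round(jitter, 3),
                             "upload_ratio": round(ratio, 1)})
    return findings


if __name__ == "__main__":
    for finding in find_beacons(FLOWS):
        print(finding)
```

Timing regularity alone would also flag the benign update check in the sample data, which is why the upload-to-download ratio is tested as a second condition.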
Advantages / Applications
- Parental Control: Legitimate monitoring tools are used by parents to keep track of their children’s online activity and ensure their safety.
- Employee Monitoring: Some corporations use authorized software to track productivity and protect intellectual property on company-owned hardware.
- Law Enforcement: Authorized tracking software can be used by government agencies to monitor devices belonging to suspected criminals during investigations.
Summary
Spyware is malicious software designed to covertly harvest data from a user's device. While it is predominantly used by cybercriminals for theft and fraud, it is also used in controlled environments for security, parental oversight, and corporate asset management.
Important terms to remember: Keylogger, C2 Server, Adware, and Data Exfiltration.