Kaspersky report reveals increase in the number of users affected by stalkerware

The latest Kaspersky State of Stalkerware 2023 report reveals almost 31,000 mobile users worldwide were subjected to stalkerware, clandestine surveillance software utilized by domestic abusers to monitor their victims. But it’s not just stalkerware software that is a problem, 40% of surveyed people worldwide stated they have experienced stalking or suspected being stalked.

Stalkerware typically masquerades as legitimate anti-theft or parental control apps on smartphones, tablets, and computers, but in reality, they are very different. Installed – usually without consent and notification of the person being tracked – they provide a perpetrator with the means to gain control over a victim’s life. Stalkerware capabilities vary depending on the application.

The State of Stalkerware is an annual report by Kaspersky which aims to provide a better understanding of the number of people affected by digital stalking globally. In 2023, Kaspersky data reveals 31,031 unique individuals around the world were affected by stalkerware, a 5.8% increase compared to 2022. The figures reverse the downward trend of 2021, confirming digital stalking continues to be a global problem.

According to the Kaspersky Security Network, in 2023, users in Russia, Brazil, and India were the top three countries most affected. Iran entered the top five in the previous year and remains. When compared to 2021, the top 10 affected countries have changed little. While Germany dropped from seven to 10, Saudi Ariba (ranked eighth in 2022) is not most affected this year.

 CountryAffected users
1Russian Federation9,890
2Brazil4,186
3India2,492
4Iran1,578
5Turkey1,063
6Indonesia871
7United States of America799
8Yemen624
9Mexico592
10Germany577

Top 10 countries most affected by stalkerware in the world in 2023

Stalking and violence – offline and online

The spectrum of abuse is diverse, with over one-third (39%) of respondents worldwide reporting experiences of violence or abuse from a current or previous partner. Of those questioned for the report, 23% of people worldwide revealed they have encountered some form of online stalking from someone they were recently dating. Furthermore, overall 40% reported experiencing stalking or suspecting being stalked.

On the other side, 12% admitted to installing or setting parameters on their partner’s phone, while 9% acknowledged pressuring their partner to install monitoring apps. Nevertheless, the notion of monitoring a partner without their awareness is disapproved by the majority of individuals (54%), reflecting a prevailing sentiment against such behaviour. Regarding attitudes toward consensually monitoring a partner’s online activities, 45% of respondents express disapproval, highlighting the significance of privacy rights. Conversely, 27% support full transparency in relationships, viewing consensual monitoring as appropriate, while 12% deem it acceptable only when mutual agreement is reached.

“These findings highlight the delicate balance individuals strike between intimacy and safeguarding personal information. It’s positive to observe increased caution, especially regarding sensitive data like security device passwords. The reluctance to share such critical access aligns with cybersecurity principles. The willingness to share streaming service passwords and photos signifies a cultural shift, though individuals should recognize potential risks even in seemingly innocuous information sharing. These insights underscore the importance of fostering open communication within relationships, establishing clear boundaries, and promoting digital literacy. For security professionals, it reinforces the need for ongoing education on cybersecurity best practices and empowering individuals to make informed decisions about sharing personal information within relationships,” said David Emm, security and data privacy expert at Kaspersky.

The fight against stalkerware needs partnerships

In most countries around the world, use of stalkerware software is currently not prohibited but installing such an application on another individual’s smartphone without their consent is illegal and punishable. However, it is the perpetrator who will be held responsible, not the developer of the application. Along with other related technologies, stalkerware is one element of tech-enabled abuse and often used in abusive relationships.

Erica Olsen, Senior Director, Safety Net Project, National Network to End Domestic Violence (NNEDV) (the United States) commented on the report: “This report highlights both the prevalence of stalking behavior perpetrated with technology and the related perceptions on privacy within intimate partner relationships. A significant portion of respondents reported they would willingly share some information, whether for safety reasons or otherwise. A small percentage, 4%, stated they reluctantly agreed to monitoring at their partner’s insistence – this is not the same as consent. It’s important to create a clear distinction between consensual sharing and non-consensual monitoring. Consent is agreement free of force or coercion.”

Emma Pickering, Head of Technology-Facilitated Abuse and Economic Empowerment Team at Refuge (the United Kingdom) said: “The statistics highlighted in this report are really concerning, but we are sadly not surprised. Here at Refuge, we are seeing an alarming increase in survivors reporting concerns relating to stalkerware. It is also very important to note that we rarely see any form of tech abuse used in isolation. Alongside stalkerware, abusers are often misusing other forms of technology to cause harm and distress. This is why we should always ensure, as agencies, we are completing a detailed tech assessment and supporting survivors to regain access to all accounts and devices. For this reason it is imperative that we continue to work together with the wider tech community to understand the technology being used, to try to prevent it being used for harm and to try and build in safety by design collaboratively.”

Stalkerware is foremost not a technical problem, but an expression of a problem which requires action from all sections of society. Kaspersky is not only actively committed to protecting users from this threat but also maintaining a multilevel dialogue with non-profit organizations, and industry, research and public agencies around the world to work together on solutions that tackle the issue.

In 2019, Kaspersky was the first cybersecurity company in the industry to develop a new attention-grabbing alert that clearly notifies users if stalkerware is found on their device. While Kaspersky’s solutions have been flagging potentially harmful apps that are not malware – including stalkerware – for many years, the new notifications function alerts the user to the fact that an app has been found on their device that may be able to spy on them.

As this is part of a wider problem, Kaspersky is working with relevant experts and organizations in the field of domestic violence, ranging from victim support services and perpetrator programs through to research and government agencies, to share knowledge and support professionals and victims alike. 

In 2019, Kaspersky also co-founded the Coalition Against Stalkerware, an international working group against stalkerware and domestic violence that brings together private IT companies, NGOs, research institutions, and law enforcement agencies working to combat cyberstalking and help victims of online abuse. Through a consortium of more than 40 organizations, stakeholders can share expertise and work together to solve the problem of online violence. In addition, the Coalition’s website, which is available in seven languages, provides victims with help and guidance in case they may suspect stalkerware is present on their devices.

Read the full report looking into stalkerware threats in 2023 on https://securelist.com/state-of-stalkerware-2023/112135/

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help over 220,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.