List of spyware programs
Appearance
This is a list of spyware programs.
These common spyware programs illustrate the diversity of behaviours found in these attacks. Note that as with computer viruses, researchers give names to spyware programs which may not be used by their creators. Programs may be grouped into "families" based not on shared program code, but on common behaviors, or by "following the money" of apparent financial or business connections. For instance, a number of the spyware programs distributed by Claria are collectively known as "Gator". Likewise, programs that are frequently installed together may be described as parts of the same spyware package, even if they function separately.
Spyware programs
[edit]- CoolWebSearch, a group of programs, takes advantage of Internet Explorer vulnerabilities. The package directs traffic to advertisements on Web sites including coolwebsearch.com. It displays pop-up ads, rewrites search engine results, and alters the infected computer's hosts file to direct DNS lookups to these sites.[1]
- FinFisher, sometimes called FinSpy is a high-end surveillance suite sold to law enforcement and intelligence agencies. Support services such as training and technology updates are part of the package.[2]
- GO Keyboard, virtual Android keyboard apps (GO Keyboard - Emoji keyboard[3] and GO Keyboard - Emoticon keyboard[4]), transmit personal information to its remote servers without explicit users' consent. This information includes user's Google account email, language, IMSI, location, network type, Android version and build, and device's model and screen size. The apps also download and execute a code from a remote server, breaching the Malicious Behavior section[5] of the Google Play privacy policies. Some of these plugins are detected as Adware or PUP by many Anti-Virus engines,[6] while the developer, a Chinese company GOMO Dev Team, claims in the apps' description that they will never collect personal data including credit card information.[7] The apps with about 2 million users in total were caught spying in September 2017 by security researchers from AdGuard who then reported their findings to Google.[8]
- Hermit is a toolkit developed by RCS Lab for government agencies to spy on iOS and Android mobile phones.
- HuntBar, aka WinTools or Adware.Websearch, was installed by an ActiveX drive-by download at affiliate Web sites, or by advertisements displayed by other spyware programs—an example of how spyware can install more spyware. These programs add toolbars to IE, track aggregate browsing behavior, redirect affiliate references, and display advertisements.[9][10]
- Internet Optimizer, also known as DyFuCa, redirects Internet Explorer error pages to advertising. When users follow a broken link or enter an erroneous URL, they see a page of advertisements. However, because password-protected Web sites (HTTP Basic authentication) use the same mechanism as HTTP errors, Internet Optimizer makes it impossible for the user to access password-protected sites.[11]
- Spyware such as Look2Me hides inside system-critical processes and start up even in safe mode. With no process to terminate they are harder to detect and remove, which is a combination of both spyware and a rootkit. Rootkit technology is also seeing increasing use,[12] as newer spyware programs also have specific countermeasures against well known anti-malware products and may prevent them from running or being installed, or even uninstall them.[citation needed]
- Movieland, also known as Moviepass.tv and Popcorn.net, is a movie download service that has been the subject of thousands of complaints to the Federal Trade Commission (FTC), the Washington State Attorney General's Office, the Better Business Bureau, and other agencies. Consumers complained they were held hostage by a cycle of oversized pop-up windows demanding payment of at least $29.95, claiming that they had signed up for a three-day free trial but had not cancelled before the trial period was over, and were thus obligated to pay.[13][14] The FTC filed a complaint, since settled, against Movieland and eleven other defendants charging them with having "engaged in a nationwide scheme to use deception and coercion to extract payments from consumers."[15]
- Onavo Protect is used by Facebook to monetize usage habits within a privacy-focused environment, and was criticized because the app listing did not contain a prominent disclosure of Facebook's ownership.[16][17][18] The app was removed from the Apple iOS App Store. Apple deemed it a violation of guidelines barring apps from harvesting data from other apps on a user's device.[19][20][21][22][23][24]
- Pegasus is spyware for iOS and Android mobile phones developed by NSO Group which received widespread publicity for its use by government agencies.
- Zwangi redirects URLs typed into the browser's address bar to a search page at www.zwangi.com,[25] and may also take screenshots without permission.[26]
Programs distributed with spyware
[edit]Programs formerly distributed with spyware
[edit]- AOL Instant Messenger[30] (AOL Instant Messenger still packages Viewpoint Media Player, and WildTangent)
- DivX[32]
- FlashGet[33][34][35][36][37][38]
- magicJack[39]
References
[edit]- ^ ""CoolWebSearch". Parasite information database. Archived from the original on January 6, 2006. Retrieved September 4, 2008.
- ^ Nicole Perlroth (August 30, 2012). "Software Meant to Fight Crime Is Used to Spy on Dissidents". The New York Times. Retrieved August 31, 2012.
- ^ "GO Keyboard - Emoji keyboard, Swipe input, GIFs". GOMO Dev Team.
- ^ "GO Keyboard - Emoticon keyboard, Free Theme, GIF". GOMO Dev Team.
- ^ "Malicious behavior".
- ^ "Virustotal detection". Betanews. September 21, 2017.
- ^ "PRIVACY and security". GOMO Dev Team.
- ^ "GO Keyboard spying warning". Betanews. September 21, 2017.
- ^ "CA Spyware Information Center – HuntBar". .ca.com. Archived from the original on May 9, 2012. Retrieved September 11, 2010.
- ^ "What is Huntbar or Search Toolbar?". Pchell.com. Retrieved September 11, 2010.
- ^ ""InternetOptimizer". Parasite information database. Archived from the original on January 6, 2006. Retrieved September 4, 2008.
- ^ Roberts, Paul F. "Spyware meets Rootkit Stealth[permanent dead link]". eweek.com. June 20, 2005.
- ^ "FTC, Washington Attorney General Sue to Halt Unfair Movieland Downloads". Federal Trade Commission. August 15, 2006.
- ^ "Attorney General McKenna Sues Movieland.com and Associates for Spyware". Washington State Office of the Attorney General. August 14, 2006.
- ^ "Complaint for Permanent Injunction and Other Equitable Relief (PDF, 25 pages)" (PDF). Federal Trade Commission. August 8, 2006.
- ^ Perez, Sarah. "Facebook is pushing its data-tracking Onavo VPN within its main mobile app". TechCrunch. Retrieved 2018-02-14.
- ^ "Facebook's New 'Onavo Protect' VPN is a Spyware App". ExtremeTech. 2018-02-14. Archived from the original on August 28, 2018. Retrieved 2018-02-14.
- ^ "Facebook's Protect security feature is essentially Spyware". IT PRO. Retrieved 2018-02-14.
- ^ "Apple removed Facebook's Onavo from the App Store for gathering app data". TechCrunch. Retrieved 2018-08-23.
- ^ "Facebook will pull its data-collecting VPN app from the App Store over privacy concerns". The Verge. Retrieved 2018-08-23.
- ^ Grothaus, Michael (23 August 2018). "Apple makes Facebook pull its spyware(ish) VPN from the App Store". Fast Company. Retrieved 2018-09-03.
- ^ McKay, Tom (2018-08-22). "Facebook Pulls Its Data-Harvesting Onavo VPN From App Store After Apple Says It Violates Rules". Gizmodo. Retrieved 2018-09-03.
- ^ Miller, Chance (22 August 2018). "At Apple's request, Facebook is removing its spyware-like Onavo VPN app from the App Store". 9to5Mac. Retrieved 2018-09-03.
- ^ Morse, Jack (2018-08-22). "Facebook to pull its creepy VPN Onavo from App Store after Apple pushback". Mashable. Retrieved 2018-09-03.
- ^ "BrowserModifier:Win32/Zwangi threat description - Windows Defender Security Intelligence". www.microsoft.com. Archived from the original on April 1, 2016. Retrieved February 4, 2019.
- ^ "Spyware.Screenspy - Symantec". Symantec. Archived from the original on January 7, 2007.
- ^ Edelman, Ben (2004). "Claria License Agreement Is Fifty Six Pages Long". Retrieved July 27, 2005.
- ^ Edelman, Ben (2005). "Comparison of Unwanted Software Installed by P2P Programs". Retrieved July 27, 2005.
- ^ ""WeatherBug". Parasite information database. Archived from the original on February 6, 2005. Retrieved September 4, 2008.
- ^ a b "Adware.WildTangent". Sunbelt Malware Research Labs. June 12, 2008. Retrieved September 4, 2008.[permanent dead link]
- ^ "Winpipe". Sunbelt Malware Research Labs. June 12, 2008. Archived from the original on October 5, 2008. Retrieved September 4, 2008.
It is possible that this spyware is distributed with the adware bundler WildTangent or from a threat included in that bundler.
- ^ "How Did I Get Gator?". PC Pitstop. Retrieved July 27, 2005.
- ^ "eTrust Spyware Encyclopedia – FlashGet". Computer Associates. Retrieved July 27, 2005. Archived May 5, 2007, at the Wayback Machine
- ^ "Jotti's malware scan of FlashGet 3". Virusscan.jotti.org. Archived from the original on March 23, 2010. Retrieved September 11, 2010.
- ^ VirusTotal scan of FlashGet 3.
- ^ "Jotti's malware scan of FlashGet 1.96". Virusscan.jotti.org. Archived from the original on May 10, 2011. Retrieved September 11, 2010.
- ^ VirusTotal scan of FlashGet 1.96.
- ^ Some caution is required since FlashGet 3 EULA makes mention of Third Party Software, but does not name any third party producer of software. However, a scan with SpyBot Search & Destroy, performed on November 20, 2009 after installing FlashGet 3 did not show any malware on an already anti-spyware immunized system (by SpyBot and SpywareBlaster).
- ^ "Gadgets boingboing.net, MagicJack's EULA says it will spy on you and force you into arbitration". Gadgets.boingboing.net. April 14, 2008. Retrieved September 11, 2010.