What is spyware and how do you remove it?
If spyware gets installed on your computer, a third party (maybe a hacker, suspicious spouse, or advertising company) gets access to your data. They might have the ability to view anything from your browsing history to your personal photos to your online banking credentials.
In this article, we’ll look at what is and isn’t spyware, how it works, and how to remove it from your computer.
Spyware falls under the broader category of malware, or malicious software. In particular, any program that gathers your personal information and sends it to a third party is classified as spyware.
Many different types of cybercriminals use spyware. Sometimes, hackers trick lots of people into installing spyware to steal their credit card information or banking passwords. Other times, someone will install spyware on their husband’s or wife’s computer to confirm suspicions of cheating. The most nefarious kinds help commit identity theft, allowing criminals to impersonate victims to governments and banks.
Types of spyware
By definition, spyware is a program running on the victim’s computer, so hardware-based keyloggers don’t count. However, there are a lot of different kinds of spyware:
- System monitors, including keyloggers. These programs monitor the computer’s inputs and outputs for useful information. Keyloggers, the most common type, record every keystroke typed on the computer, including potentially sensitive passwords.
- Info-stealing spyware. Unlike keyloggers, these programs don’t indiscriminately record keystrokes. Instead, they convey specific information from the user’s computer to a third party. This kind of spyware frequently targets photos, browser history, password databases, and other sensitive information.
- Banking trojans. Multiple types of banking trojans exist, including some that aren’t spyware (like those that add fake buttons to banking websites). However, many of these malicious programs steal passwords to make unauthorized transactions. Advanced banking trojans combine these properties: they take the victim’s password, steal their money, and make it look like nothing happened.
- Rootkits. Regular malware runs on top of the operating system; rootkits run beneath it, evading detection and removal. Hackers sometimes combine rootkits with other types of malware.
- Employee monitoring software. While not usually nefarious, this kind of software is sometimes classified as spyware. It functions similarly to spyware created by criminals, although antivirus programs don’t generally flag it as malicious. Employee monitoring software may record users’ activity within certain applications, including web browsers.
- Logging VPNs. These services monitor and sell their victims’ Internet activity for advertising purposes. While these malicious VPNs still work like a legitimate option, they collect data that reputable VPN providers do not.
How does spyware work?
Like other malware, spyware usually arrives on a victim’s computer when they run a fake program (known as a Trojan horse), open email attachments from unknown senders, or allow someone else to access their computer.
Once spyware arrives on a victim’s computer, it will attract as little attention as possible. Since most spyware strives to steal information silently, any hint of its existence could be detrimental to its success. On occasion, however, spyware will combine with adware to display especially personalized advertisements.
From there, different kinds of spyware work somewhat differently:
- Keyloggers silently record everything that users type on the infected computer, relaying the information to the attacker or storing it in a file.
- Other types of system monitors relay all or some of the collected information to the attacker. Uploading everything displayed on the screen is prohibitively slow, so spyware utilizing this strategy must scan for important or sensitive information.
- Info-stealing spyware scans files for interesting or sensitive information, uploading only the highest-value data to avoid detection.
- Banking trojans compromise the victim’s web browser to access and modify their banking site. They may also contain a keylogger component to steal passwords.
Some spyware, like the kinds intended to surveil significant others and employees, usually gets deleted when the spouse or employer chooses to do so. That said, most spyware sticks around as long as possible to scoop up as much sensitive information as it can.
Examples of spyware
Compared to some types of malware (like ransomware), spyware has been around for a long time. As a result, spyware authors have created a lot of different varieties. You can see some of the most prominent here:
- CoolWebSearch arrived on victims’ computers, bundled with other malware, through a drive-by installation. In addition to spying on users’ activity and information, it forced the user to search the web through coolwebsearch[dot]com, showed pop-up ads (including some with pornographic content), and slowed down infected computers.
- Internet Optimizer was an older spyware and adware program which covered browser error pages in advertisements. Additionally, it stole its victims’ information.
- FinFisher is a highly professional, advanced spyware program used by law enforcement and government agencies. FinFisher customers can install it on targets’ computers in a variety of ways, including malicious emails and flaws in common software.
- Onavo Protect was a mobile app produced by a Facebook subsidiary that stole user information and sold it for advertising purposes. While not as nefarious as other kinds of spyware—in particular, Onavo could not read data sent on HTTPS-secured sites—it raised the ire of many security researchers.
How do I get spyware?
Spyware arrives through a variety of different channels, from infected Microsoft Office email attachments to fake download buttons in ads.
Some of the most common ways that people accidentally install spyware include the following:
- Installing a fake updater or installer for another program. Security researchers call these types of malicious programs Trojan horses.
- Opening email attachments or clicking on links in messages from unknown senders.
- Clicking “enable” or “allow” on pop-ups without reading them thoroughly.
- Not updating your operating system or important software in a timely manner, allowing hackers to exploit security vulnerabilities.
In many common cases, spyware comes bundled with other malware.
How to remove spyware
Back in the '90s and early 2000s, skilled computer users could realistically remove malware from their computers by hand. However, modern malware, especially sneaky varieties like spyware, is too hard to remove this way. Wiping and completely reinstalling your computer practically guarantees that any malware is removed, so most experts recommend this strategy today.
To effectively wipe your computer and remove spyware, try this approach:
- Make a complete backup of your important files.
- Using a clean computer, create a bootable recovery drive.
  - On Windows, use Microsoft’s USB/DVD Download Tool.
  - On macOS, boot from Recovery by holding down the Command and R keys.
- Reboot from the USB drive or internal recovery partition.
- Use the on-screen assistance to completely wipe (or format) your hard drive and reinstall your operating system.
- Reboot into your internal boot drive and follow the on-screen instructions to set up your computer like new.
- Install a trusted antivirus solution and scan your backup containing your most important files.
- If the files are marked clean, restore your backup by moving the files onto your newly cleaned computer.
How do I protect myself?
Most of the general suggestions for protecting yourself from malware also apply to spyware. Here are some of the most important recommendations:
- Don’t download files from untrustworthy sources, especially piracy sites.
- Avoid opening attachments or clicking links in emails from people you don’t recognize.
- Don’t fall for malicious advertisements like fake download buttons.
  - Using an adblocker may be a good approach to avoid these ads.
- Lock your computer when leaving it unattended. If you’re especially paranoid, consider using full-disk encryption.
- Use an antivirus solution to proactively monitor your computer for signs of spyware and other malicious software.
- Keep your software up to date to avoid falling victim to security vulnerabilities. Pay special attention to your web browser and antivirus software.
- Stick to reputable VPNs to avoid having your Internet traffic logged and used for advertising.
Most importantly, always make sure to stay vigilant and skeptical of websites and emails on your computer.