What is Spyware?

Bart Lenaerts-Bergmans - September 15, 2022

Spyware Definition

Spyware is a type of malware that covertly infects a computer or mobile device and collects sensitive information like passwords, personal identification numbers (PINs), and payment information. The information is then sent to advertisers, data collection firms, or malicious third parties for a profit.

Spyware is one of the most common threats on the internet. It was more commonly installed in  Windows desktop browsers, but has evolved to operate on Apple computers and mobile phones as well. Mobile spyware attacks have become much more common and advanced as people rely on their phones to conduct banking activities and access other sensitive information. However, not all software that tracks online activity is malicious. For example, some website tracking cookies can serve as a legitimate function to customize a user’s website experience by remembering login information.

Anyone can be a target of spyware. Authors of spyware do not typically target a specific person like a spear phishing attack would. Spyware authors prioritize the information they can gather rather than who it is from, so spyware attacks try to collect as many victims as possible.  Since spyware typically runs in the background of the operating system, it is difficult to detect and even harder to mitigate without advanced security tools and solutions.

2024 CrowdStrike Global Threat Report

The 2024 Global Threat Report unveils an alarming rise in covert activity and a cyber threat landscape dominated by stealth. Data theft, cloud breaches, and malware-free attacks are on the rise. Read about how adversaries continue to adapt despite advancements in detection technology.

Download Now

There are several types of spyware. While all spyware programs share the common goal of stealing personal information, each uses unique tactics to do so.

1. Adware

Adware tracks a user’s web surfing history and activity to optimize advertising efforts. Although adware is technically a form of spyware, it does not install software on a user’s computer or capture keystrokes. Thus, the danger in adware is the erosion of a user’s privacy since the data captured by adware is accumulated with data captured about the user’s activity elsewhere on the internet. This information is then used to create a profile that can be shared or sold to advertisers without the user’s consent.

2. Trojan

A trojan is a digital attack that disguises itself as desirable code or software. Trojans may hide in games, apps or even software patches. They may also be embedded in attachments in phishing emails. Once downloaded by users, trojans can take control of victims’ systems for malicious purposes such as deleting files, encrypting files or sharing sensitive information with other parties.

3. Keylogger

A keylogger is a type of spyware that monitors user activity. When installed, keyloggers can steal passwords, user IDs, banking details and other sensitive information. Keyloggers can be inserted into a system through phishing, social engineering or malicious downloads.

4. System Monitor

A system monitor captures virtually everything the user does on the infected computer or device. System monitors can be programmed to record all keystrokes, the user’s browser activity and history, as well as any form of communication, such as emails, webchats or social media activity.

5. RedShell

RedShell is a type of spyware that installs itself on a device whenever specific PC games are downloaded to track online activity. Developers use this information as feedback to better understand their users, and improve their games and marketing campaigns.

6. RootKits

Rootkits allow attackers to easily infiltrate a system, as they are almost always undetectable. To infiltrate a system, they either exploit security vulnerabilities or logging as an administrator.

7. Tracking Cookies

Websites, both legitimate and illegitimate, drop cookies into your device to track users’ online activity.

What Does Spyware Do?

This three-step process provides a general overview of how an author launches their spyware attack:

  1. Infiltrate: Spyware may infiltrate any device upon visiting a malicious website, installing a malicious app, or even opening a file attachment in an email.
  2. Monitor and capture: Once the spyware is installed, it begins to collect data, which could range from web activity and history to keystrokes.
  3. Send or sell: The spyware creator collects the data where they can either use it directly or sell it to third parties.

The presence of spyware will generally slow down the computer or device, degrading its usability and functionality over time. Due to decreased functionality, the system may also be more vulnerable to other types of malware.

How Spyware Infects Devices

Spyware is commonly installed onto a device by the user unknowingly downloading it themselves. It is often hidden within seemingly legitimate websites or software through vulnerability exploits.

Some of the most common ways spyware infects devices:

  • Phishing and spoofing
  • Spyware hidden within software bundles
  • Trojans
  • Downloading software from an unreliable source
  • Downloading malicious mobile apps
  • Opening email attachments or clicking links from unknown senders
  • Pirating media such as movies, music, or games
  • Agreeing to the terms and conditions of a program before carefully reading them
  • Accepting cookie consent requests from untrusted websites
  • Security vulnerabilities within a website or program

What Are Examples of Issues Caused by Spyware on a Device?

Once a system is compromised, the spyware begins to collect the user’s behavior data. Common tracking activities include:

  • Recording keystrokes (i.e., a keylogger) to gather anything that is typed, including user names, passwords, banking details, credit card numbers and contact information.
  • Tracking online activity including website visits, browsing history, people they interact with and messages they send in order to create a detailed profile of the user.
  • Assume control of the computer or device and reset the browser’s homepage, alter search results or flood the device with pop-up ads.
  • Reconfigure the device’s security settings, including the firewall, to allow remote control over the device or intercept attempts to remove the spyware.

Expert Tip

7 Signs your Device is Infected by Spyware

  1. The computer or device runs slowly.
  2. The device crashes unexpectedly on a consistent basis.
  3. The device is inexplicably running out of space or memory.
  4. The browser’s landing page or device’s home screen has been changed unexpectedly.
  5. New toolbars, search engines or programs appear on the device without being downloaded by the user.
  6. The device receives constant pop-up ads and messages, even when offline.
  7. Anti-virus and other safety software not working.

How to Protect Against Spyware

Because any user’s device may become vulnerable to spyware, it is important to understand how to protect oneself against spyware. The first line of defense is to prevent spyware from being installed onto your device, and this can be achieved by being cautious of  your own behavior while online.

  • Use reputable antivirus software with spyware protection, preferably a cloud-native security solution.
  • Use a pop-up blocker or avoid clicking pop-up ads.
  • Keep your computer or mobile operating systems updated.
  • Never open unsolicited or suspicious email attachments from unverified senders.
  • Don’t click links in text messages from unknown senders.
  • Be cautious about consenting to website cookies.
  • Be wary of free software and make sure to carefully read the terms and conditions.
  • Put a screen lock on your smartphone and use strong passwords on all devices
  • Avoid using unsecured Wi-Fi or use a VPN
  • Look carefully at the permissions you grant apps when you install them

How to Remove Spyware

Removing Spyware From Your Computer

If you notice signs of a spyware infection on your desktop or laptop computer, take these steps to remove it:

  1. Download and run a virus removal tool. Make sure the antivirus software is advanced so it can scan for all kinds of threats.
  2. Once the system is cleared, consider contacting your financial institutions to inform them about possible fraudulent activity.
  3. If any stolen information is sensitive then you may want to contact local law-enforcement authorities to report potential violations of federal and state laws.
  4. Once you’ve cleaned your system, consider downloading anti-spyware tools to further protect your devices from spyware in the future.

Removing Spyware From Your Mobile Phone

If you notice signs of a spyware infection on your mobile device, take these steps to remove it:

  1. Uninstall apps you don’t recognize. Go to your phone’s settings, click on “Apps,” and uninstall any suspicious apps.
  2. Run an antivirus or malware scan: You may have an app that came installed with your phone, or you may need to download and install a reputable app from the official app store for your device.
  3. If the steps above do not solve the issue, you can back up your data then factory reset your phone. Data can be uploaded onto Google or iTunes/iCloud so you’ll be able to restore all your data to your freshly cleaned phone after resetting it. A factory reset removes all data and downloaded programs from the device and leaves it in its original ‘factory’ state.
  4. Run a second antivirus or malware scan after you reinstall your data. Sometimes the first scan does not completely remove spyware.


Bart is Senior Product Marketing Manager of Threat Intelligence at CrowdStrike and holds +20 years of experience in threat monitoring, detection and intelligence. After starting his career as a network security operations analyst at a Belgian financial organization, Bart moved to the US East Coast to join multiple cybersecurity companies including 3Com/Tippingpoint, RSA Security, Symantec, McAfee, Venafi and FireEye-Mandiant, holding both product management, as well as product marketing roles.