Spyware and adware, often underestimated or ignored, are extremely dangerous threats, especially in the military and government sectors.
Adware is software designed to collect data about users for advertising purposes, displaying targeted ads often in an intrusive manner. However, some variants go further, collecting sensitive information without the user's consent. Spyware, on the other hand, is designed with a purely malicious purpose: monitoring a device's activity, stealing confidential data, tracking location, and even intercepting communications.
Often hidden in compromised apps and websites, these programs can infiltrate devices without the user's knowledge, turning them into digital spying tools. A particularly insidious variant is stalkerware, designed to secretly monitor a user's activity without their consent. This type of software, initially widespread in the private sector for the abusive monitoring of partners or family members, has also found use in intelligence and targeted surveillance operations. When installed on a smartphone or computer, it can record calls, collect messages, and even activate the microphone and camera without the user's knowledge.
In recent years, targeted attacks with advanced spyware have demonstrated the effectiveness of these tools in intelligence operations, leading to the compromise of politicians, journalists and even military personnel. The increasing digitalization of the armed forces and the widespread use of personal devices in operational contexts increase the risk of exposure to these threats, making greater awareness and adequate defense measures essential.
Spyware, Adware and Stalkerware: What They Are and How They Work
Adware, spyware, and stalkerware are malware designed to collect data in different ways, but with the common goal of invading users' privacy.
- Adware consists mainly of programs that display unwanted advertisements. Although it was initially considered “not dangerous”, its invasiveness has grown over time.
The first known adware dates back to the 1990s and was part of freeware software packages, which, while allowing the free use of some programs, displayed advertising in an invasive way. The most famous example of early adware was "Gator", also known as "Claria", a software that was integrated into apps and browsers to collect data about users and display targeted ads. Gator marks the birth of behavioral marketing, a marketing technique that relies on the analysis of users' online habits to show personalized advertising. Gator was one of the pioneers in this field, collecting information on users' browsing behavior to target ads with extreme precision. This practice, which initially seemed harmless, led to the creation of a vast digital advertising industry, but raised concerns about privacy, as these programs collected personal information without the explicit consent of users.
- Spyware, unlike adware, has been considered more dangerous and intrusive from the beginning. The first significant spyware, 180solutions, dates back to the early 2000s and was one of the first examples of software specifically designed to collect sensitive information, such as browsing behavior and personal data, without the user's consent. This malware was distributed via freeware and compromised websites, collecting data from business and private computers. Over time, spyware evolved to include even more invasive functions, such as keystroke logging, online activity monitoring, and stealing banking credentials. In 2006, 180solutions merged with Zango, another program known for its intrusive behavior and information collection without users' permission. This merger created one of the most widespread spyware distribution networks.
Spyware is particularly relevant in the military and government sectors, where the security of information and of the whereabouts of personnel and units is vital.
The same category includes stalkerware: applications developed to monitor an individual's activities without their consent, seriously violating their privacy. Originally designed for legitimate purposes, such as monitoring minor children or managing family activities, many of these programs have been exploited for illicit purposes, such as monitoring unaware adult partners or family members. These tools are capable of collecting a wide range of information, including GPS location, recording calls, accessing private messages, viewing online activity history, and even remotely activating cameras and microphones. The abuse of stalkerware has become a serious problem, as it allows for covert surveillance that can last for a long time without the victim noticing. In some cases, these programs have also been used in more complex contexts, such as surveillance operations by criminal groups or in the context of espionage. In response, detection technologies and more stringent policies have been developed to combat stalkerware abuse, but the problem remains a growing digital security and privacy challenge.
Spyware as a Tool for Espionage and Information Warfare
The use of spyware by state actors and APT (Advanced Persistent Threat) groups has transformed these technologies into vital tools in digital espionage operations and information warfare. Spyware is no longer considered exclusively as a private or commercial cyber threat, but is used by state entities and organized groups to collect sensitive information, monitor political adversaries, journalists and the military, and conduct targeted attacks of operational and strategic importance.
State actors use seemingly innocuous software, such as messaging apps or encrypted email systems, to infiltrate devices and surveil targets’ activities without raising suspicion. This type of surveillance happens invisibly and silently, so that the user doesn’t realize they’ve been compromised.
The Graphite case, which recently made headlines in Italy, is still too recent for its implications to be fully understood; among the most famous examples of spyware used in surveillance operations, however, there is certainly Pegasus. Developed by the Israeli company NSO Group, Pegasus has been used to infect the devices of journalists, politicians, activists and members of international organizations, intercepting calls and messages and collecting confidential information without the consent of the victims.
Advanced spyware such as Pegasus is capable of tracking individuals' geographic locations, accessing private communications, and stealing strategic data relating to military operations, plans, and other classified information. The risk of a spyware attack is particularly high for those operating in sensitive environments, where the security of communications and information is crucial. Understandably, the security implications for military personnel are enormous, and governments need to be aware of the threat that spyware poses.
How to Defend Yourself: Mitigation Strategies for Users and Military Personnel
Protection against spyware and similar threats requires targeted measures, especially for military and institutional personnel, who must be adequately informed about the risks and good practices for using devices, both personal and work-related.
Awareness is the first step to avoid infections, and every individual must be trained to recognize threats and follow strict safety protocols.
All operators at risk should be constantly updated on the dangers of spyware and how to behave in operational contexts. Training should include how to avoid accidentally clicking on suspicious links, how to handle electronic communications safely, and how to recognize anomalous behavior on devices.
Organizations should also implement advanced technical solutions, such as antivirus, Endpoint Detection and Response (EDR), and Mobile Device Management (MDM), to monitor and protect devices from spyware and other threats. They should establish restrictive policies for the use of personal devices (BYOD) in sensitive environments, ensuring that access to vital resources is limited to only secure and approved devices.
It is important to remember that some limitations, in certain contexts, are necessary for the safety of personnel and infrastructure. Therefore, installing software that has not been vetted and approved on work devices should be forbidden. It is also useful to remember that if a service is free, users are often the bargaining chip: not everything found on the Internet, even if it apparently solves our pressing problem, can be used without precautions. Free devices and applications can collect sensitive data for marketing purposes or to resell them, increasing the risk of exposure to spyware.
Using New Technologies to Defend Against Next-Generation Spyware
As cyber threats evolve, it is critical for militaries and governments to integrate new technologies into their defense strategies. Emerging technologies such as artificial intelligence (AI) and machine learning (ML) are becoming increasingly crucial in detecting and preventing spyware and malware attacks. AI can be used to monitor anomalies in data flows, detect suspicious behavior, and block malicious activity in real time. Additionally, advanced algorithms can analyze device behavior patterns, predict threats, and neutralize them in near real time, thereby reducing the risk of infiltration through sophisticated spyware.
Conclusions
As we have seen, in the current context of increasing digitalization, spyware, adware and the unwitting use of seemingly innocuous apps pose significant risks to military and government personnel. It is important to note that these threats are not limited to malicious software, but also extend to everyday tools such as fitness apps (the emblematic case is Strava a few years ago), social media, games or productivity applications. These tools often collect information that, if exploited by intelligence analysts, whether institutional or malicious, can compromise the security of operations.
Awareness of the risks deriving from these threats is essential to avoid behaviors that could compromise security.
In an era dominated by hybrid warfare and cyber dominance, cybersecurity is increasingly crucial to protect communications, operations and sensitive information, reducing the risk of targeted attacks and infiltration.