A Look at 5 Spyware Types and Real-World Examples

A Look at 5 Spyware Types and Real-World Examples

1 Star2 Stars3 Stars4 Stars5 Stars (10 votes, average: 5.00 out of 5)

According to Malwarebytes, detections of spyware rose by 1,055% in 2020! The problem clearly isn’t going anywhere. So, if you’re curious about the different types of spyware out there and want to explore some real examples of them that have been found in the wild, read on

Spyware is a type of malicious software (malware) that snoops on you, monitoring your actions and stealing your data without your knowledge. Spyware comes in many forms, including trojans, viruses, worms, and keyloggers. Basically, anything capable of eavesdropping or spying on a target is known as spyware.

Cybercriminals use these stolen data for financial fraud or identity theft. They might also sell victims’ data to organizations, politicians, advertisers, competitors, or other hackers. There’s really nothing that bad guys won’t do when they get their hands on sensitive information. This is why it’s important to understand the different types of spyware that exist so you can protect your sensitive data and systems from attackers who use them.

This article will look at five common types of spyware and explore some real-world spyware examples.

5 Common Spyware Types and Examples

Not all spyware is the same − different types have different aims and modes of operation. In this list, we have classified three types based on their end goals and two based on how they work.

1. Camera Hijacking Spyware

This type of spyware accesses the targeted devices’ cameras, using them to take pictures and record video. Phones, PC webcams, and tablets can all be affected. The spyware operator can see your surroundings and monitor your actions with this software. Camera hijacking is carried out for multiple reasons by different actors, for example:

  • Carry out state-sponsored espionage,
  • Blackmail victims, and
  • Monitoring students or employees at home or when working remotely.

An Example of Camera Hijacking Spyware

One of the most infamousspyware examples comes in the form of a camera hijacking spyware created a situation monikered “WebcamGate.” Schools in Philadelphia used LANrev’s TheftTrack program to spy on students by remotely activating webcams on the school-issued laptops that students were using at home.

School officials admitted that they secretly snapped more than 56,000 images, including webcam shots of students in their bedrooms and screenshots of their web browsing, instant messages, and music playlists. Students were unaware of this activity as TheftTrack had disabled their webcams for regular usage — they were under the impression that their cameras weren’t working!

2. Adware Spyware

This spyware types graphic is an example of adware. It's an image of a woman holding a fake popup window warning "virus detected"
An example image of a fake warning popup message that can display on your screen when you have adware installed on your device.

Adware infects the victim’s device and monitors their online activities and search keywords. The goal? To show them unsolicited advertising. This type of software usually has a network of affiliates that pay the spyware operator on a pay-per-click (PPC) basis. The adware shows unwanted advertisements based on the target’s preferences and browser search history. They also might sell the victim’s details on the darknet to advertisers to help them understand consumers’ psychology, buying habits, product research phases, and so on.

While adware isn’t always harmful in the sense of destroying your device, it’s absolutely a breach in privacy and trust. It’s also annoying because it causes unsolicited ads to pop up frequently on your device. It also raises concerns over data privacy and can open the door to other types of malware being installed on your machine.

Web Browser Corrupting Spyware

This is a type of adware that hides inside your web browser and changes your default homepage to one of its’ affiliates’ pages. Plus, whenever you search anything on the search engine, it automatically redirects to or opens up the affiliate websites related to your keywords. A web browser corrupting spyware also may add its clients’ websites to your bookmark pages.

Adware Spyware Example

Adware.DollarRevenue is a type of spyware that installs itself on users’ devices by exploiting browser vulnerabilities. It adds itself as a browser add-on, plugin, or extension, then displays unsolicited popup ads and redirects victims to websites containing “sponsored links.” This type of malware also installs other unwanted software applications on your device and asks you to share your personal information.

In extreme cases, Adware.DollarRevenue manipulates the Windows registry and security settings on the victim’s computer. This leaves the device vulnerable to other future attacks and spying-related activities.

3. Keylogger Spyware

This spyware types graphic is an illustration of a keylogger
A stock image that illustrates the concept of keylogging malware, which monitors and records the keystrokes input on your device.

Keyloggers monitor the victim’s activity by recording their keystrokes. When the user enters a PIN, password, payment card number, or other sensitive information, the keylogger records it and sends it to its operator. Most of the time, keyloggers come with screenshot-taking capabilities, too.

Keyloggers are legal when they are used with the consent of the person whose activities are being monitored. Some companies and educational institutes install them on their employees’ and students’ computers to monitor employees’ activities during work hours or proctor students’ exams remotely. Sometimes with their knowledge, sometimes without.

However, keyloggers are commonly used for destructive purposes. Hackers use keyloggers to carry out many malicious activities, including:

  • Stealing your login credentials, and
  • Capturing sensitive information, trade secrets and research data, and
  • Keeping an eye on your professional or personal communications.

Keylogger Spyware Example

RemoteSpy is one of those spyware examples that’s equipped with keylogging capabilities. CyberSpy Software LLC sold this malicious software to organizations and advertisers to enable them to monitor consumers’ computers secretly. Without the targeted consumers’ knowledge, RemoteSpy collects data regarding a variety of personal information, including:

  • Demographics,
  • Internet searches,
  • Shopping preferences, and
  • Online activities and behaviors.

RemoteSpy provides internet activity logs of any chosen remote computer. CyberSpy claims that security software can’t detect it, so there’s no need to disable it on the monitored device. Gee, how comforting.

Although a U.S. District Court banned the sale of RemoteSpy on the basis of the Federal Trade Commission’s (FTC) request to protect consumers’ privacy, it’s still sold and used openly within the United States. It’s also used abroad in other countries as well. 

4. Trojan Spyware

Spying can be done through many types of malware like viruses, worms, and rootkits. However, there’s one malware example, in particular, that is designed to be perfect for infiltration: trojans. With a namesake that originates from an ancient myth about a massive wooden horse and the ultimate act of subterfuge, trojans are malicious programs that mimic legitimate software and trick users into downloading and installing them. Sometimes, they’re hidden inside legitimate applications that become compromised.

Once installed on a victim’s device, trojans can:

  • Monitor users’ actions
  • Intercept their data
  • Steal banking credentials
  • Lock their screens
  • Do other types of damage

A trojan won’t work until the victim activates it and grants it the necessary permissions to do what it is programmed to do. Trojans can’t replicate themselves, either, and won’t spread to other files and devices, as viruses do.

Trojan Spyware Example

In February 2021, ESET reported a new supply chain attack (dubbed Operation NightScout) that targeted gamers in several Asian countries. The attack involved three malware variants, including a new version of the trojan spyware named Gh0st RAT, and appeared to target users in Taiwan, Hong Kong, and Sri Lanka.   

Attackers were infecting NoxPlayer (a free Android game emulator for PCs and Macs) in order to use the compromised app to gain access to users’ devices. The trojan operators breached NoxPlayer’s API infrastructure and used social engineering tactics to induce targeted victims to download the trojan.

Once users installed and activated the malicious payloads, the hackers could access their infected devices remotely. It acts like camera hijacking spyware and allows the hackers to take pictures and record video using the victim’s camera as well as carry out keylogging activities. While sending the collected data to the C&C server, the trojan uses an encrypted TCP communication channel to avoid detection.

5. Zero-Click Spyware

Zero-click spyware invades users’ devices without them needing to click on any links or download anything manually. It finds the vulnerabilities in an existing system and penetrates the device without any active involvement from the user’s end. It works on a trial-and-error method and keeps trying to enter into the device until it finds a security loophole in a program, operating system, or app.

For example, you could get a WhatsApp message from an unknown person containing zero-click spyware. Even if you don’t open the message or click any links in it, the payload can infect your mobile device. It works silently in the background, and you won’t know anything about it. 

Zero-Click Spyware Example

The NSO Group’s Pegasus spyware is probably the most famous zero-click spyware. It has been used to spy on targeted victims, ranging from activities and journalists to politicians and even private citizens.

According to a report published by Citizen Lab on Sept. 13, 2021, Pegasus spyware exploits a vulnerability in iOS’s image rendering library and invades Apple devices via iMessage. Because it is zero-click spyware, it doesn’t require victims to click on the link they received on the iMessages to get the infection.  

Apple quickly fixed this vulnerability (CVE-2021-30860) and has since asked users to update their phones. However, there are still a lot of questions that remain largely unanswered:

  • How many people are affected by the spyware,
  • What information has been leaked, and
  • What victims can do to detect and remove the Pegasus spyware from their Apple devices.

Wrapping Up on the Different Spyware Types and Their Real-World Examples

There are many types of spyware — the five above being just some common examples. We recently covered several other spyware examples that shook the cybersecurity world in 2021. Although there are laws that regulate snooping activities, some lines are still blurred. Some companies regularly use programs to track consumers’ online activities, study their buying habits, and craft customized advertisements.

In the same way, keyloggers are also legal in some cases. There are professional service agencies that sell spyware to keep an eye on students, employees, kids, and even spouses. The laws regarding spyware are evolving continuously according to advancements in technology, and it’s likely that this software gray area isn’t going away any time soon.

About the author

Medha is a regular contributor to InfoSec Insights. She's a tech enthusiast and writes about technology, website security, cryptography, cyber security, and data protection.