The emergence of ‘Creepware’ and the Next 12 Months in Security and Privacy

A new word to add to the lexicon…:

[…] By this time next year, we expect the world will be familiar with the concept of “Creepware.” These are applications meant to harass victims, allowing attackers to launch a variety of personal attacks that embarrass, bully or otherwise disrupt their victims’ lives. Cyber security researchers, including researchers with NortonLifeLock, have been tracking the phenomenon as operators of download sites battle to keep creepware out of their app stores. Despite their efforts, new creepware apps replace the removed apps. Making it more difficult, the developers behind creepware products often attempt to obfuscate their app’s purpose to evade policy enforcement.

Over the course of 2019, NortonLifeLock found a significant number of creepware apps being used to spy on people for interpersonal kinds of attacks. In fact, we located 1,000 creepware and surveillance apps that Google subsequently removed from its Google Play Store.

Attackers are getting very creative in the type of nasty and abusive apps they use to target each other. For instance, some creepware apps can hit a person with hundreds of text messages at one time. Imagine if the victim had a pay-per-text plan. This could result in a very expensive phone bill. Or consider what can result from the use of spoofing programs that send out fake texts. A domestic abuser now has a tool they can deploy to send messages that could potentially ruin someone’s relationships with their friends and family. Other apps offer impersonation capabilities that can be used to frame people. The list goes on, but this is uniformly bad news for the victims. Until now, the general public has been largely unaware of this threat. We expect this to change as creepware goes mainstream over the course of the next 12 months.

[…]

Original article here