Malware analysis

Malware: What is spyware?

September 11, 2019 by Greg Belding


Many things in life come with their downsides, and unfortunately, the internet is one of them. Spyware is an unavoidable (without proper measures) thorn for those traversing the web and can ruin your cyber life faster than you can receive that shopping order you placed online (from the same site that infected you). 

This article will detail what spyware is, different spyware types, what spyware can do to your system and some tips on how to prevent this malignant threat.

What is spyware?

Spyware is malicious software that clandestinely collects and shares computer and network info. This collected information is then shared with the software’s creator, cybercriminals, unscrupulous advertisers and marketers and anyone else who may find that information valuable. Spyware can be installed via the usual suspects of malware including websites, email and ads lying in wait for unsuspecting victims, but also via removable drives and installing freeware/shareware. 

The information collected from computers includes names, addresses, bank account information, Social Security Numbers, passwords and more. A critical aspect of spyware is being able to send this information back to its creator or cybercriminals, making having a connection to the internet pivotal. 

What can spyware do?

There are a couple things to remember with spyware. First, the “spy” in spyware is not referring to James Bond, but rather more like someone spying right over your shoulder as you enter information into a computer. This means they can see all of your private information, not to mention your login credentials and other information you would never want divulged to the world.

The second thing is to keep in mind that the intended target for spyware is not a physical computer (unlike ransomware) but is YOU. All of your sensitive information is valuable to cybercriminals and others on the dark web, which is where they perform their illegal deeds. Spyware can be thought of as the link between you and computer-based identity theft.

Spyware types

There are five main types of spyware around today. You might consider them the spyware usual suspects.


Sometimes known as system monitors, keyloggers record keystrokes entered on computers. This type of spyware can be either software (installed covertly most times) or hardware — an example being a malicious insider installing a keylogger via a USB flash drive. This is a particularly nasty type as it can record all of your information — potentially every character a user types is available to steal.

Password stealers

This type does just that: steals passwords entered on computers, and not just the password but your login as well. Password stealers may take passwords for email, banking and social media accounts. 


Adware is addressed in its own article, but many sources consider it a type of spyware, so we can double up a little. Used by unscrupulous advertisers and marketing data organizations, adware tracks browsing data and then uses that data to display advertisements based upon what the user clicked.


This type of spyware is used by third parties to collect sensitive information entered on an infected computer. This sensitive information includes usernames, passwords, browser history, log files and emails, just to name a few. Infostealers normally find their way onto a computer through web browser security vulnerabilities.

Mobile spyware

Mobile phones are not let off easy when it comes to spyware. This type is attached to SMS and MMS messages, and phones become infected just by receiving the message without any user interaction. The end result includes using the mobile’s camera and microphone to snoop on the user, monitoring mobile’s web browser search history, key monitoring and phone calls.


There is no stopping spyware from being on the web, but you can reduce the chances of becoming infected. This should be a fairly standard list to the security-minded, but it is all worth saying again:

  1. Make sure your computer has all of its security updates installed promptly
  2. Use an anti-malware, antivirus and anti-adware solution
  3. Stay away from dubious websites
  4. Tighten your web browser’s security settings or use Brave, which can be found here. Brave is based on the Google Chrome web browser but has the security setting turned up to 11 right out of the box. This browser offers statistics for how many trackers and ads it has blocked since install. To date, mine has blocked 54,422 and 124,120 respectively.
  5. Try to avoid freeware and shareware. This type of attractive software is normally just loaded with spyware. There is no such thing as a free lunch, and this applies to software too
  6. Do not click on pop-up ads. It doesn’t matter how good that deal is or how scrumptious those multi-colored macarons look, just don’t do it!


Certain things in life come with inherent risks — cold weather comes with frostbite, humid environments come with mosquitoes and the internet comes with spyware. Although there are different types of spyware, it all generally infects computers through either web browser security vulnerabilities or by user actions, including clicking on a link or downloading spyware-laden freeware. 

Do not let this dissuade you from all the usefulness that is the internet. Simply tighten up your security practices and get back to enjoying your time online.



  1. Recognizing and Avoiding Spyware, CISA
  2. Spyware, Veracode
  3. 4 Common Types Of Spyware And How To Detect Them, Managed Solution
  4. What Is Spyware? (+5 Ways Hackers Try to Steal Your Info), G2
Posted: September 11, 2019
Greg Belding
View Profile

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.