WP What is Spyware | Types, Removal & Pevention | Imperva


App SecurityAttack ToolsEssentialsThreats

What is Spyware?

Spyware is a type of malware that logs information about the user of a computing device and shares it with third parties.

Some types of spyware are packaged with seemingly legitimate applications installed by a user. Some malware are deployed without the user’s knowledge, via malicious websites, infected email, or other methods used by other types of malware. Cookies can also serve as a type of malware, if they allow websites to track a user’s activities without their consent, or in a way that is illegal.

Spyware removal and prevention is similar to other types of malware: users should avoid clicking on suspicious links or visiting unknown websites, and should deploy anti-malware protection. Another important preventive measure for spyware is cybersecurity solutions that perform real-time monitoring on the device to detect communication that could originate from spyware.

How Spyware Infects Devices

Spyware uses various methods to hide itself so it can operate without alerting the user. It is often hidden in seemingly legitimate websites or downloads. Spyware can be incorporated into legitimate programs and websites through exploitation, without the knowledge of the original software vendor or website publisher. In other cases, malicious software vendors or website publishers intentionally deliver spyware to their users.

Bundled software packages (known as bundleware) are a common method of delivering spyware. In this case, spyware is intentionally attached to other, legitimate programs the user downloads and installs. Some bundled spyware is installed secretly, while in other cases, the license agreement may actually mention the spyware, but describe it in other terms. This forces users to agree to a full package that includes spyware, thus infecting themselves.

Spyware can also infect user devices in the same ways as other types of malware: for example, when a user visits an infected website or opens a malicious email attachment.

Types of Spyware

Below are the most common types of spyware.


Malicious adware often comes with freeware, shareware programs and utilities that are downloaded from the Internet or silently installed when a user visits infected websites. It displays unwanted advertising on the user’s device, and can slow down or otherwise interfere with the device’s functioning. In some cases, the ads displayed contain malicious links, leading to deployment of other types of malware.

Internet Cookies

Cookies that track and log personally identifiable information (PII) and Internet browsing habits are one of the most common types of adware. Advertisers can use tracking cookies to track which web pages users visit, in order to target ads in marketing campaigns. In some cases, advertisers might track a user’s browser history and downloads for the purpose of displaying pop-ups or banner ads.

Because data collected by spyware is often sold to third parties, regulations such as the EU General Data Protection Regulation (GDPR) have been put in place to protect the PII of website visitors.

Keyboard Loggers (Keyloggers)

A keylogger is a type of spyware used by cybercriminals to steal PII, login credentials, and sensitive corporate data. There are some legitimate users of keyloggers—for example, employers may use keyloggers to monitor employees’ computer activity, device owners might use it to track unwanted activity on their own devices, or law enforcement agencies might use it to investigate computer-related crimes.

There are two main types of keyloggers:

  • A hardware keylogger is similar to a USB flash drive. It acts as a physical connector between the computer keyboard and the computer, but in addition to transmitting keyboard signals to the device, it saves them or transmits them to a third party.
  • A software keylogger is a program that saves or transmits keyboard activity without requiring physical access to the device. Software keyloggers can be intentionally planted by third parties interested in monitoring the device, or downloaded unknowingly by the user. In other cases, keyloggers are deployed as part of a rootkit or trojan already running on the device.

Banking Trojans

A banker trojan is a type of spyware that accesses and records sensitive information processed through or stored in online banking systems. It is usually disguised as legitimate software while performing malicious actions, such as:

  • Modifying web pages on an online banking site
  • Adding transactions to benefit the threat actor
  • Altering the values of transactions

Banker trojans include a backdoor that allows the program to send all collected data to a remote server. This type of spyware often targets financial institutions, such as banks, brokerages, electronic wallet providers, and online financial services. The sophisticated design of banker trojans makes them difficult to detect, even by state-of-the-art security systems.

Mobile Spyware

Mobile spyware is dangerous because it can be delivered via SMS or MMS messages, and usually does not require user interaction to deploy on the device. If a smartphone or tablet is infected with mobile spyware, the spyware can perform a range of activities including:

  • Sideloading third-party applications
  • Using the smartphone’s camera and microphone to monitor the user’s surroundings
  • Recording calls
  • Recording browsing activity and keystrokes
  • Monitoring the device owner’s location via GPS

Because of the personal nature of mobile devices, mobile spyware can present a serious danger to a user’s privacy and personal safety. It can, for example, be used by criminals to extort the user, or plan other crimes like burglary and physical assault.

How to Remove Spyware

Spyware is a common problem for Internet users. If you suspect a device is infected, here are steps to fix the problem.

Removing Spyware from a Desktop Computer

If you suspect that a desktop or laptop is infected with spyware, try the following steps:

  • Scan the device with anti-malware software and if a threat is identified, remove it.
  • Consider deploying an anti-spyware tool that can continuously monitor the system and prevent spyware from accessing or changing the device owner’s personal information.

Remove Spyware from a Mobile Phone

If you see any signs of a spyware infection on a mobile phone, try the following steps:

  • Uninstall unfamiliar apps.
  • Scan the device with a mobile anti-malware application.
  • If all else fails, back up the phone’s data and reset the phone to factory defaults.

Spyware Protection and Prevention

The following best practices can help users protect their devices against spyware:

  • Only open emails from known sources.
  • Only download files from a reputable source.
  • View links before clicking on them by hovering over them to ensure they are correct.
  • Only use trusted cybersecurity solutions for anti-malware and spyware protection – many programs disguised as anti-spyware solutions are themselves spyware.

An important protective measure against spyware is real-time protection. Spyware typically uses the network to transfer private information to third parties. Cybersecurity solutions with real-time monitoring can identify these communications and discover spyware, even if it could not be detected by other methods.

Spyware Protection with Imperva

Imperva’s Web Application Firewall (WAF), deployed at the network edge, uses signature, behavioral and reputational analysis to block malware injection attacks on websites and web applications.

Beyond malware protection, Imperva provides comprehensive protection for applications, APIs, and microservices:

Web Application Firewall – Prevent attacks with world-class analysis of web traffic to your applications.

Runtime Application Self-Protection (RASP) – Real-time attack detection and prevention from your application runtime environment goes wherever your applications go. Stop external attacks and injections and reduce your vulnerability backlog.

API Security – Automated API protection ensures your API endpoints are protected as they are published, shielding your applications from exploitation.

Advanced Bot Protection – Prevent business logic attacks from all access points – websites, mobile apps and APIs. Gain seamless visibility and control over bot traffic to stop online fraud through account takeover or competitive price scraping.

DDoS Protection – Block attack traffic at the edge to ensure business continuity with guaranteed uptime and no performance impact. Secure your on premises or cloud-based assets – whether you’re hosted in AWS, Microsoft Azure, or Google Public Cloud.

Attack Analytics – Ensures complete visibility with machine learning and domain expertise across the application security stack to reveal patterns in the noise and detect application attacks, enabling you to isolate and prevent attack campaigns.

Client-Side Protection – Gain visibility and control over third-party JavaScript code to reduce the risk of supply chain fraud, prevent data breaches, and client-side attacks.