Stalkerware Detection & Harassment — Confidential Digital Investigation

    The sensation of being watched is terrifying. When you suspect that your own smartphone—the device that holds your most intimate conversations and location history—has been turned into a weapon against you, the psychological toll is immense.

    Do not alert the other party. Premature confrontation destroys digital evidence within minutes.

    Understanding Stalkerware Detection & Harassment

    Stalkerware is commercially available, incredibly cheap, and devastatingly effective. It is designed specifically for domestic abusers and stalkers to monitor their victims in real time, completely invisibly.

    If you are dealing with an abusive ex-partner, a stalker, or severe harassment, confirming and removing these digital chains is the first critical step toward regaining your safety and privacy.

    Digital Signals & Indicators

    Stalkerware is designed to hide from the user, but it cannot hide from the operating system. It leaves distinct behavioral and resource footprints.

    The most common physical symptom is severe battery degradation. The phone is constantly working in the background, recording audio, taking screenshots, and uploading massive amounts of data via cellular networks.

    You may also notice the screen waking up inexplicably, strange background noise during phone calls, or the phone running physically hot when sitting idle.

    Forensically, we look for anomalies in the OS permissions. Applications masquerading as 'System Services' that have inexplicably been granted 'Accessibility', 'Device Administrator', or 'Screen Recording' permissions are immediate red flags.

    • Resource Exhaustion: Unexplained data usage spikes and rapid battery drain.
    • Permission Abuse: Unknown apps holding 'Accessibility' or 'Device Admin' rights.
    • UI Anomalies: Screen activating on its own, or camera/microphone indicators flashing.
    • Compromised Locks: The device requires a PIN/FaceID less frequently than usual.
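
A read-only triage of the "Permission Abuse" indicator, added here as an illustration and not this service's own tooling: it cross-references which user-installed Android packages hold Accessibility or Device Admin rights. The package names and captured outputs are constructed samples, and the `dumpsys device_policy` layout is an assumption that varies by Android version.

```python
import re

# Constructed sample captures (not from a real device), assumed to be saved from:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell dumpsys device_policy   (the "Enabled Device Admins" excerpt)
#   adb shell pm list packages -3 -i
ACCESSIBILITY = ("com.google.android.marvin.talkback/.TalkBackService:"
                 "com.example.passwordmanager/.FillService:"
                 "com.system.service.update/com.system.service.update.CoreService")
DEVICE_POLICY = """Enabled Device Admins (User 0, provisioningState: 0):
  com.system.service.update/.AdminReceiver:
"""
PM_LIST = """package:com.whatsapp  installer=com.android.vending
package:com.example.passwordmanager  installer=com.android.vending
package:com.system.service.update  installer=null
"""

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; extend for the vendor store
LOOKALIKE = re.compile(r"system|service|update|sync|settings", re.I)  # heuristic only

def component_packages(text):
    """Package names taken from 'package/class' component strings."""
    return set(re.findall(r"([A-Za-z0-9_.]+)/[\w.$]+", text))

def third_party(pm_output):
    """Map each user-installed package to its recorded installer."""
    return dict(re.findall(r"^package:(\S+)\s+installer=(\S+)", pm_output, re.M))

def triage(accessibility, device_policy, pm_output):
    """Return [(package, [reasons])] for user-installed apps holding either right."""
    apps = third_party(pm_output)
    holders = {}
    for right, text in (("Accessibility", accessibility), ("Device Admin", device_policy)):
        for pkg in component_packages(text):
            holders.setdefault(pkg, []).append(right)
    findings = []
    for pkg, rights in sorted(holders.items()):
        if pkg not in apps:
            continue  # preinstalled package, outside this check
        reasons = ["holds " + " + ".join(rights)]
        if apps[pkg] not in TRUSTED_INSTALLERS:
            reasons.append("not installed by a trusted store (installer=%s)" % apps[pkg])
        if LOOKALIKE.search(pkg):
            reasons.append("system-sounding name on a user-installed app")
        findings.append((pkg, reasons))
    return findings

if __name__ == "__main__":
    for pkg, reasons in triage(ACCESSIBILITY, DEVICE_POLICY, PM_LIST):
        print(pkg, "->", "; ".join(reasons))
```

A store-installed app that holds one of these rights, such as the sample password manager, is a lead to verify rather than a verdict; the weight comes from several reasons stacking on one package.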

    How This Scenario Typically Unfolds

    The deployment of stalkerware almost always requires brief physical access to the device (unless the device is an iPhone and the attacker has the iCloud credentials).

    The attacker will wait for the victim to leave the phone unattended and unlocked for just 3-5 minutes. They navigate to a specific URL, download the payload, grant it all necessary permissions, and then hide the application icon.

    Once installed, the stalkerware operates as a silent service. It intercepts WhatsApp messages before they are encrypted, logs every keystroke (including passwords), and streams the device's GPS coordinates to a web dashboard controlled by the abuser.

    The harassment often escalates as the abuser uses the stolen information to confront the victim, manipulate their social circles, or threaten them with private media.

    Our Investigation Approach

    Our stalkerware investigations are conducted with extreme care, prioritizing victim safety above all else.

    We instruct clients NOT to confront the suspected abuser or attempt to delete the app, as many stalkerware variants alert the abuser if tampering is detected.

    We perform a deep forensic analysis, bypassing the UI to analyze the raw package manifests and running processes. We identify the specific malware variant (e.g., Cerberus, mSpy, FlexiSPY).

    Crucially, we do not just find the malware; we extract the configuration files. This allows us to identify the command-and-control server and, frequently, the email address or account ID the abuser used to purchase the software, providing actionable evidence for law enforcement.

    What Happens After the Investigation

    Upon identifying the threat, we provide a detailed forensic report that can be used to obtain a restraining order or pursue criminal wiretapping charges.

    We then perform a complete 'scorched earth' remediation. We safely back up essential data, perform a low-level cryptographic wipe of the device, and guide the client through securing their accounts and establishing a new, untainted digital identity.

    We also provide strategic advice on physical safety and counter-surveillance during the transition period.

    Frequently Asked Questions

    On Android, it generally requires physical access or tricking you into installing a fake app. On iOS, if they have your Apple ID and password, they can monitor your iCloud backups remotely without ever touching the phone.
    Rarely. Stalkerware is often marketed legally as 'child monitoring' or 'employee tracking' software, meaning commercial antivirus companies frequently whitelist it to avoid lawsuits.
    If you restore the new phone from a compromised backup (like an infected iCloud or Google Drive backup), you may accidentally reinstall the spyware on the new device. We recommend starting completely fresh.
    We extract the malware's configuration files from the phone's memory. These files contain the license key or email address the purchaser used, which law enforcement can subpoena from the stalkerware company to reveal the buyer's identity.