Module 03 Spyware

When you think of a  Cyber Attack  what’s the first thing that comes to mind?

Probably the sterotypical
hoodied hacker

infiltrating your personal
computer and stealing
sensitive data like:

  • passwords
  • financial information
  • social security numbers
  • and the like. This kind of attack involves spyware.


Spyware is malicious software installed on a computer without your knowledge, and it’s used to collect your private information. Spyware comes in many forms.

Let’s  Dig  In.

Less concerning spyware includes adware, which generates unwanted
advertising like pop-ups and tracking cookies, which track sites the user has visited. However, some spyware has serious consequences.

A few of these nefarious types are:
  1. Keyloggers
  2. Rootkits
  3. Remote Access Trojans (RATs)


Keystroke logging hardware
or software tracks and records every keystroke entry a user
makes on their computer.

It’s not always necessarily
malicious, as some keyloggers are legitimate IT monitoring tools, but more often than not, it’s used by hackers to capture sensitive information to exploit
unsuspecting users.


A rootkit is a software collection typically designed
to enable administrator-level access to a computer and
often masks its existence.

This unauthorized access
can allow existing software
to be modified, including software that might
otherwise be used to
detect or circumvent it.

Rootkits typically enter a computer through a Trojan horse virus, suspicious email attachment, or the installation of a “special” plugin (pretending to be legitimate) needed to correctly view
a webpage.

Remote Access Trojans (RATs)

RATs are a common form of spyware that give attackers complete control over a
victim’s system.

They can be used to steal sensitive information, spy on victims through the system’s microphone and web camera, and remotely control the computers they infect.

Social engineering and spear phishing are common ways RAT attacks are carried out.

Look out for anyone trying to convince you to give up personal information, and be wary of emails, even from trusted sources, containing unrequested links and downloads.

Get  Real.

NSO Group Technologies, an internet software security solutions company that operates in the international intelligence field, created
a proprietary monitoring tool called Pegasus.


was discovered to have been used in a targeted attack on human rights activists through a malicious
link texted to an iOS phone.

Clicking on the link

allowed Pegasus to be installed on the device

gathering all
and locations

on the targeted phones including data from:

  • Gmail, Facebook
  • iMessage, Viber,
    WhatsApp, Telegram
  • Skype communications
Once the phone was infected,
spies could actively


with the phone’s
microphone or
video camera,

personal data

like calendars,
contacts, and
passwords, or

all the data
on the device

including emails, photos,
and browser history.

Knowledge Check Module 3


Use what you’ve learned about spyware to select the best answer to the following questions.

    1. Your Chosen Answer: Your Chosen Answer:

  • Select a module below to continue.

    Click the previous arrow to review the Knowledge Check.