Stalkerware (software for stalking) is a class of malware aimed at targeted surveillance of individuals.
On contemporary mobile platforms, such monitoring is often enabled not through remote exploitation but through authenticated access, coercion, and reconfiguration of devices. This creates a gray zone in which surveillance can be implemented via purpose-built stalkerware, but also by weaponizing dual-use applications or native OS features.
To better understand this class of threats, we studied definitions, classification, behavior, and detection performance in the literature in order to address some of the current research gaps. Based on our research, we propose an attack-centric perspective that grounds definitions and analysis in attacker access, persistence, and coercive objectives rather than application identity alone. We consolidate an end-to-end stalkerware attack lifecycle, with particular relevance to real-world Intimate Partner Violence (IPV) scenarios.