Being targeted by spyware is like having someone go through your desk drawers without permission. It’s disturbing whatever the reason, but (as with any intrusion) what the culprit was after and how they got in determines how worried you should be.
It’s important to figure this out as there are many types of spyware, each employing different methods and targets. This article covers how all four main types work and who they target.
It also covers what to look for and what to do next, including:
- Signs your device is compromised
- Why some spyware removal tools actually make things worse
- What you can do to reduce your future exposure
The four main types of spyware software
There are at least four distinct types of spyware software, each with different mechanics and targets.
Type 1: Adware
Adware monitors your browsing habits and serves targeted ads based on your behavior. According to Kaspersky threat intelligence(nova janela), adware accounted for 62% of all mobile malware detections in 2025.
Adware is usually bundled with free software or apps — for example, a free flashlight app that functions as advertised (it’s less suspicious that way) while quietly making money by sending your browsing data to ad networks.
Adware can be relatively harmless when its goal is to sell you ads, and you’ll usually be able to see it doing so with injected ads and pop-ups. But when adware quietly harvests your personal data — your name, date of birth, and location — to sell to data brokers, it becomes a serious privacy threat. Treat all adware as a risk, regardless of how visible its behavior is.
Type 2: Keyloggers
Keyloggers(nova janela) record every keystroke you make. They steal passwords, credit card numbers, and private messages, then send them to whoever planted it.
Most keyloggers are delivered via trojan horse viruses (often known as trojans.) They’re malware disguised as a legitimate download — with pirated software and cracked apps among the most common vessels.
When you download and install a cracked version of a paid app, everything might seem fine: the app works normally. All the while, the keylogger is invisibly recording your keystrokes, and could capture something seriously sensitive, like your banking login details.
If this happens, you won’t know anything’s wrong until the damage is done — when your bank alerts you to a fraudulent transaction.
Type 3: Stalkerware
Stalkerware is used to monitor location, messages, calls, and browsing. It’s installed on a device without the owner’s knowledge or consent, usually by a partner, family member, or employer. Unlike other types of spyware, stalkerware requires physical access to install.
Legally sold apps marketed as parental controls (such as mSpy and FlexiSPY) are frequently used to monitor adult partners without consent. They run invisibly, log GPS location and read messages in real time.
If you’re concerned that stalkerware may be on your device, the Coalition Against Stalkerware (nova janela)offers confidential guidance and a directory of support organizations in your country.
Type 4: Zero-click mercenary spyware
Zero-click spyware works by exploiting vulnerabilities in device operating systems, which means that it doesn’t require any action from the device owner to install itself. Hence ‘zero-click’.
In 2021, a well-publicized investigation(nova janela) coordinated by Forbidden Stories with the support of Amnesty International found NSO Group’s Pegasus spyware on the devices of journalists, lawyers, and human rights defenders in multiple countries. Victims didn’t click on anything: their devices were compromised through an iMessage vulnerability.
Increasingly, the exploit chains developed for mercenary spyware like Pegasus are being used not just by repressive states, but by cybercriminals. Everyday users, not just high-value users, have something to fear.
Who is most at risk from each type
Adware: Everyone using ad-supported free apps is at risk of adware infection.
Keyloggers: Everyone who downloads apps or tools is at risk, but those who download from unofficial sources like torrent sites carrying pirated content are particularly vulnerable.
Stalkerware: The most specifically targeted type of spyware. Common targets include people in controlling relationships and employees working under invasive monitoring policies.
Zero-click: High-value targets like journalists, activists, lawyers, and executives need to be particularly vigilant, but anyone with a smartphone could be targeted.
Businesses face compounded exposure to adware, keyloggers, and zero-click spyware. A keylogger on just one employee device could compromise shared credentials and systems.
If your business handles sensitive client data, this won’t just impact the compromised individual: it opens you up to serious liability.
How to spot if your device has spyware
Spyware works mostly invisibly. As a result, you may not be sure if you have spyware on your device.
But there are signs you can look out for:
- Your battery is draining faster than usual, despite no change in usage patterns
- Your mobile data usage unexpectedly (and inexplicably) spikes
- Your device is idle, but it’s running hot — or your screen, microphone or camera activates for no reason
- Unfamiliar apps have appeared in your app list, and you don’t remember installing them
We’ve also written a a deep and comprehensive list of signs that your phone has a virus.
Zero-click mercenary spyware is particularly dangerous because it may produce none of these signs. If your profession puts you at elevated risk, the recommended path is to request analysis from Access Now’s Digital Security Helpline(nova janela) or Amnesty International’s Security Lab(nova janela).
How to remove spyware from your device
Your first instinct might be to download a spyware removal tool. That’s only natural, but don’t be hasty: you could be in danger of creating or compounding the very problem you’re trying to solve.
For Android users, we’ve written a comprehensive, step-by-step guide to removing malware from your device.
For iPhone users, iOS limits third-party app scanning, so you should update your iOS immediately, reviewing installed profiles under Settings → General → VPN & Device Management, and then contact Apple Support.
How to protect your device against infection
Typically, protection failures aren’t caused by anything out of the ordinary. They’re caused by common behaviors like reusing passwords, unencrypted connections, and software downloaded from unofficial sources.
Stop yourself falling into these traps, and you’ll be less vulnerable to spyware of any type.
Before downloading an app
Only install apps from official stores: Stick to official app stores on mobile (checking for developer’s names), and download desktop software only from the developer’s own site.
Watch out for ‘free’ tools (including anti-spyware tools): See above.
Keep your operating system updated: All forms of malware target known OS vulnerabilities. Updating your OS patches these vulnerabilities. This is your best defense against zero-click exploits like Pegasus in particular.
Review app permissions periodically: Revoke permissions that don’t match the app’s function. Settings → Privacy → Permission Manager (Android) or Settings → Privacy (iOS).
When using any apps
Use different passwords across accounts: When every account has a unique credential, keyloggers can’t capture multiple accounts by capturing one. Proton Pass is a secure password manager that generates and stores unique passwords with zero-knowledge encryption, meaning your credentials are encrypted before they reach Proton’s servers.
Use VPN on public WiFi: a VPN will protect you from public WIFI hosts who monetize their “free” service by selling your browsing history to ad-tech companies. A secure VPN(nova janela) like Proton VPN encrypts your connection so intercepted data is unreadable.






