Mobile Under Fire: Spyware, Exploits & Zero-Click Attacks

Charles Ho
05/07/2025

Many organizations underestimate the risks associated with mobile devices, often perceiving them as less vulnerable compared to traditional endpoints like desktops and laptops. This perception can lead to insufficient security measures for mobile platforms.

Contrary to this belief, mobile devices face numerous security threats. Their widespread use makes them attractive targets for cybercriminals, and compromises can lead to unauthorized access to both personal and corporate data. Since mobile devices are now part of many companies’ workforce, breaching these devices poses a significant risk to organizations. Key mobile threats include spyware, zero-click exploits, and malicious applications, each presenting unique challenges to device security.

Here’s our deep dive into these mobile-first attacks.

Spyware doesn’t just stop at nation-state attacks like Pegasus

Spyware is a class of applications used to monitor devices and steal data. While spyware is often thought of as sophisticated technology, like the notorious Pegasus and Graphite spyware apps commonly used by nation-states, that’s not the norm when it comes to spyware.

While that type of high-tech spyware does pose major risks because it's used to target high-profile executives, whose devices offer an easy path to an organization's data, other forms of spyware are far more prevalent and accessible. These apps, also known as "stalkerware," can be used by parents, ex-domestic partners, or stalkers.

Many stalkerware apps are marketed to older men to "catch cheaters," or targeted at parents to track their kids. Although legitimate use cases exist for parents monitoring their children, especially when they're very young, the practice opens the door to potentially illegal and malicious apps downloaded from third-party websites. Similar apps can be, and are, also used by domestic abusers to stalk exes. Because they break the terms and conditions of app stores and border on illegality, many stalkerware apps are only available via third-party websites, which adds additional risk.

For example, a man in Singapore was jailed for installing a stalkerware app on his wife’s phone, which allowed him to monitor all her text messages and even to listen in “live” on her conversations. The subscription to the service cost only $80 per month and gave him access to all her call logs and social media messages. It even gave him the ability to steal her passwords via a keylogger and turn on her camera to spy on her directly.

The repercussions of stalkerware for businesses can be catastrophic. A disgruntled ex might obtain company secrets and then use them to blackmail his or her spouse, thus endangering the company. More specifically, a threat actor can install such malware on any unattended phone and gain full access to an executive’s communications.

The problem of stalkerware is larger than most people think. A survey conducted by Norton found that nearly 1 in 10 partners admitted to using a stalkerware app to monitor current or ex-partners. Few legal repercussions exist for stalkerware makers and users, making the matter even more dangerous for businesses that would have little recourse if stalkerware compromised company secrets.

How spyware compromises devices, data, and organizations

Spyware and stalkerware are highly invasive tools. They can typically track keystrokes, access device data, monitor activity, access location data, or switch on the camera.

Even legitimate software can be used to illegally spy on mobile phones. For example, a woman in North Carolina was found guilty of installing spyware on a police officer’s phone. She installed Mobistealth, mSpy, and StealthGenie, all labeled “spyware” by the NC attorney’s office. However, Mobistealth and mSpy are still sold as parental control apps, and versions of the two tools are available on the official Google Play Store. Only StealthGenie was shut down after its creator was forced to pay a $500,000 fine.

Stalkerware is more likely to exist on third-party sites, especially when the stalkerware is truly invasive or when specifically marketed to track ex-lovers or other adults.

A 2025 study titled “Surveillance Disguised as Protection: A Comparative Analysis of Sideloaded and In-Store Parental Control Apps” found that sideloaded apps pose far more security concerns than Google Play Store apps. “This study found several privacy, safety, and security concerns regarding sideloaded parental control apps. […] Some problems are exacerbated in sideloaded apps, including excessive monitoring, inappropriate functionalities, and overlap with stalkerware, further compounded by a lack of safeguards,” the study said.

Even Trusted App Stores Aren’t Safe

Downloading any apps from third-party sites significantly increases risk. Such apps aren’t vetted by any app store’s automated and manual checks. Not only is the host website at risk of being compromised, but the app itself may be hosting malware, putting the device at risk.

However, even apps in the Apple App Store and Google Play Store can contain malicious code. In early 2024, over 90 decoy apps in the Google Play Store, downloaded 5.5 million times, were found to contain a banking Trojan. In late 2024, another 200+ malicious apps were found on Google Play, containing all sorts of malware, including adware, banking malware, and spyware.

Fewer reports of malware exist for iOS, but they do exist, such as screenshot-grabbing malware that steals cryptocurrency.

Here again, the organizational impact can be devastating, especially in companies with a BYOD (“Bring Your Own Device”) policy in place. Users will install whatever they want on a personal device; and, unless that device is secured, any instance of malware on the device will automatically give threat actors access to business data.

Hackers can target high-value individuals specifically, especially through romance scams where the hacker strikes up a faux romantic relationship purely for the purpose of corporate espionage. The use of romance in espionage is well documented, as when the threat group Transparent Tribe allegedly engaged in romance scams to get users to install malicious apps.

In a tragically ironic twist, a spyware company itself can also be hacked, further revealing private information. This happened to a Minnesota-based spyware company called Spytech, where records for 10,000 devices were leaked as a result of a data breach. When it comes to spyware and stalkerware, a data breach can be catastrophic because of how invasive these apps are. A leak on the developer side may mean a threat actor is getting away with troves of personal and organizational data.

Zero-Click Exploits Make Device Compromise Easy

One of the scariest new developments in mobile malware is zero-click exploits. These exploits don’t require any interaction from the user, making a compromise trivial. For example, one exploit only required sending a malicious file to a WhatsApp account, and the malware was instantly installed. The recipient didn’t even need to take any action on the attachment. The Pegasus spyware famously uses this method to install itself on high-profile targets such as politicians and journalists.

These attacks are extremely dangerous because the recipient is defenseless. If they have no mobile device protection installed that detects anomalous behavior on the device, then the malware will sit unnoticed indefinitely.

The most common method of delivering the zero-click payload is through unpatched messaging apps. Sometimes, the vulnerability exists in a system app, as occurred when the iOS iMessage app allowed hackers to deliver zero-click payloads.

Zero-click attacks tend to be highly targeted and can be used to access privileged business information, sensitive communications, or other IP of high-profile victims. The Pegasus malware can jailbreak iPhones, giving the hacker root access to sensitive areas of the operating system. It also collects all communications and location data on the phone.

What organizations can do

Organizations should immediately incorporate mobile device security as part of a holistic cyber resilience strategy. Businesses tend to think of desktop and laptop devices when considering cybersecurity and only deal with mobile security as an afterthought. In some cases, mobile security is even completely ignored.

However, mobile security should be a top priority because mobile devices contain more and more information and are easily lost, stolen, or compromised. As an immediate priority, companies should implement visibility into their devices. That means implementing a mobile MDR solution that lets one quickly identify anomalous behavior.

Mobile device management (MDM) isn’t enough to manage risks and contain threats. In many cases, MDM has even been found useless in modern threat protection. Mobile MDR is the most effective protection solution. It offers organizational MDR benefits but for mobile devices. It also lets your company proactively identify threats, thus mitigating risks. Using mobile MDR can significantly speed up incident response, which reduces the amount of damage that is done.

SolCyber offers a comprehensive MDR solution in partnership with leading mobile MDR provider iVerify. To learn more about how to protect your business’s mobile devices, visit our mobile device security page.
