9 Spyware Warning Signs

With more training material available online than ever, hackers have become adept at targeting individuals and organizations in a variety of different ways. One of the most effective ways hackers compromise devices and networks is by using spyware.

But what is spyware? The best way to define spyware is any piece of software/application that enters a given device and starts gathering all types of data without the user’s consent. Finally, the malicious program passes the data to the hacker or another third-party actor. Spyware typically runs undetected in the background of users’ everyday tasks on the infected computer/device. Still, there may be several warning signs spyware is present.

Signs of Spyware

The nine spyware warning signs are given below.

  1. The browser has been hacked.
  2. You start a search, but another untrusted browser finishes it for you.
  3. The computer is unreliable, laggy and regularly locks up or crashes.
  4. The computer is continuously bombarded with pop-up advertisements on your screen.
  5. You receive high-priced phone bills for calls.
  6. The transmit and receive lights on your modem are actively blinking.
  7. Unknown files suddenly emerge on your PC.
  8. The CD drawer begins to open and close on its own.
  9. You discover emails in your “Sent Items” folder that you never sent.

There are many other less significant spyware warning signs as well. But for clarity, this guide will focus on the above nine warning signs of spyware.

1. The Browser has been Hacked

Perhaps the clearest sign of spyware is a hijacked browser. Web browsers are software applications that allow any user with an internet connection to browse the global internet. Modern web browsers do several other things as well, but ultimately, browsers are just applications—ones that hackers can compromise.

The most common technique is known as browser hijacking. And the most common sign that a browser has been hijacked is when the user’s homepage is changed. Hackers can also reset the user’s homepage to one containing explicit images and text or present a seemingly genuine website that’s really designed to steal the user’s personal information. One way to confirm a browser has been hacked is to try changing the homepage. If, upon a restart, the homepage reverts back to the suspicious new site, that is a confirmed sign the browser has been hacked. Spyware could have been installed on the device as well.
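One way to run the homepage check described above against a Firefox profile (an added example, not code from the original article). Firefox keeps settings as user_pref(...) lines in prefs.js, and a user.js file in the same profile folder is re-applied at every start, which is one way a homepage can revert after being changed. The sample file contents, host names and trusted list are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Firefox stores settings as lines like:
#   user_pref("browser.startup.homepage", "https://www.example.org/");
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')
HOMEPAGE_PREF = "browser.startup.homepage"

# Constructed sample file contents (not taken from a real profile).
SAMPLE_PREFS_JS = '''\
user_pref("browser.startup.homepage", "https://www.example.org/");
user_pref("browser.startup.page", 1);
'''
SAMPLE_USER_JS = '''\
user_pref("browser.startup.homepage", "http://search.hijack.example/?src=hp");
'''


def parse_prefs(text):
    """Return {pref_name: value} from the text of a prefs.js or user.js file."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comments and blank lines
        name, raw = match.groups()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1].replace('\\"', '"')
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            prefs[name] = int(raw) if raw.lstrip("-").isdigit() else raw
    return prefs


def homepage_hosts(value):
    """Firefox separates multiple homepages with '|'; return each web host."""
    hosts = []
    for url in str(value).split("|"):
        url = url.strip()
        if not url or url.startswith("about:"):
            continue  # built-in pages such as about:home
        hosts.append((urlsplit(url).hostname or url).lower())
    return hosts


def audit_homepage(prefs_js, user_js, trusted_hosts):
    """List findings for untrusted homepages and for a forced homepage."""
    findings = []
    forced = parse_prefs(user_js)
    for source, prefs in (("prefs.js", parse_prefs(prefs_js)), ("user.js", forced)):
        for host in homepage_hosts(prefs.get(HOMEPAGE_PREF, "")):
            if host not in trusted_hosts:
                findings.append(f"{source}: homepage host {host} is not trusted")
    if HOMEPAGE_PREF in forced:
        findings.append("user.js: homepage is re-applied at every start, "
                        "so changes made in settings will revert")
    return findings


if __name__ == "__main__":
    for finding in audit_homepage(SAMPLE_PREFS_JS, SAMPLE_USER_JS,
                                  {"www.example.org"}):
        print(finding)
```

On a real machine, pass in the text of the two files from the profile folder shown on Firefox's about:profiles page.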

2. You Start a Search, but Another Untrusted Browser Finishes it for You

Another classic sign of spyware infection is when a user starts to search for something using a browser or app, but the search results aren’t returned by the same browser/app. This usually indicates that hackers have installed some type of spyware that can redirect the user’s queries from one app to another (in most cases, a malicious app).

If the user doesn’t remember installing the untrusted browser, that’s another confirmation of spyware. The only way an untrusted app can appear is if hackers are controlling the device and installing apps in the background without the user’s consent. As a result, the user will not be able to search using a trusted web browser. Moreover, each time the user finishes a search using an untrusted browser, hackers behind the untrusted browser (and the website the untrusted browser uses to return search results) will make a tiny sum of money either via Google ads or a third-party service.

3. The Computer is Unreliable, Laggy and Regularly Locks Up or Crashes

As computers (including smartphones, laptops and desktops) age, the performance levels are bound to decline. An outdated computer will take longer to launch apps and load web pages. But when a computer becomes so laggy and slow that apps start crashing or locking up regularly, there may be spyware on the system. That’s especially the case when a computer becomes totally unreliable for carrying out tasks that take a lot of time. Users also must remember that spyware can eat up disk space, which can lower performance and make the device laggy. If the spyware is configured to run in the background, even more resources will go to waste and hence cause a crash. Depending on the spyware, hackers could mine cryptocurrency or use the device for a password-cracking botnet.

4. The Computer is Continuously Bombarded with Pop-up Advertisements on Your Screen

One of the more common signs of spyware infection is when pop-up notifications and advertisements show up on the screen without any kind of input. Sometimes, the user may open an application to complete a task but instead sees a full-screen ad. Other times, the device may change the ads the user sees on a given website or app. Hackers can get all the code required to change the device’s behavior to show ads and pop-ups via the spyware program. If additional assets are needed, such as new images or offers, the spyware can download them by contacting the hacker’s headquarters operation. The final effect on the user’s device is lots of ads, distractions, clutter and increased data usage.

5. You Receive High-Priced Phone Bills for Calls

Receiving high-priced phone bills for calls is not the first sign smartphone users would typically think of in considering the warning signs of spyware. But spyware can increase phone bills. Based on the skills and resources of the spyware developer(s), the victim can experience adverse effects such as higher phone bills. First, the spyware could consume high amounts of internet data to record personal information and send the data back to the hacker’s operations. If the spyware is also programmed to make or record calls and then send the conversation to a third party, the phone bill at the end of the month will be higher than normal. Hackers who successfully manage to gain remote access to a device may use the compromised device to subscribe to extra services from the victim’s phone service provider or a different one. Unwanted subscriptions can also lead to higher bills.

High-priced phone bills for calls will affect the victim’s budget and lead to a slower smartphone and loss of personal information.

6. The Transmit and Receive Lights on Your Modem are Actively Blinking

Some internet users may not pay attention to the equipment that connects the whole house or office to the internet—that is, the modem. Modems (and routers) are responsible for enabling millions of users to go online and accomplish tasks daily. However, hackers can also compromise such devices by exploiting the LED lights available on a given router/modem.

When the lights are flashing on the modem or router, some data gets transferred. Hackers can push spyware and other types of malware into the modem/router, forcing the device to flash a sequence of lights quickly. Hackers need access to a light sensor or camera on the compromised modem to see the light activity. Once the sequence is recorded, hackers can decode the signals.

Other times, hackers can use high-speed photodiode light detectors to precisely measure the light emitted by a router’s LED. Using precise measurements, hackers can recover the pattern of bits and thus translate the data. Though this form of hacking is not 100% accurate, there are cases where the data recorded in such a way can be usable.

Some hackers can even infect the router’s firmware and steal any data flowing through the modem/router. Compromised modems or routers would not have much effect on the user’s device. However, overall, the victim will end up leaking information and potentially suffering financial and personal harm.

7. Unknown Files Suddenly Emerge on Your PC

Modern computers operate with files and folders. Files are common units of storage on which users can write and read data, while folders are objects that hold one or more files. Since files and folders are fundamental to how computers work, hackers usually infect files and folders with spyware to record the user’s activities and personal information.

A sure sign that spyware is interfering with a PC’s normal functioning is the appearance of new files that the PC owner doesn’t remember downloading or creating. Sometimes, a device infected with spyware will automatically move or delete files and folders. Other times, strange new shortcuts might appear on the desktop or main smartphone screen. All of these signs point to the presence of spyware.

From the hackers’ point of view, though, some code needs to be written in order to make spyware. Then, the written code needs to be stored. Generally, the code is written in the form of scripts, which are stored in files. Hackers need these malicious files to enter the target device. Most of the time, the user is responsible for getting such malicious files on the device either via a drive-by download or by clicking a malicious phishing link (and following through with whatever the webpage is trying to communicate). Once the malicious files are on the target device, the spyware begins working.

Pro Tip:

Users can learn the effects of unknown files that suddenly emerge on the PC by studying any changes in the system’s behavior and running scans via antivirus applications. Generally, though, such files make the computer slower, laggier and less reliable than before. There are also spyware-related effects, such as the user’s information getting transmitted to the hacker’s command center and even more files appearing in strange places on the infected PC.
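One way to notice the file changes described in this section is to record a baseline of a folder and compare it with a later snapshot. The sketch below is an added example, not part of the original article; the folder layout, file names and the ads.example address in its demo are constructed, and it reports new, deleted, moved and modified files plus newly created shortcuts.

```python
import hashlib
import os
import tempfile

SHORTCUT_EXTS = (".lnk", ".url", ".desktop")  # Windows and Linux shortcuts

def snapshot(root):
    """Map every regular file under root (relative path) to its SHA-256."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue
            digest = hashlib.sha256()
            try:
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        digest.update(chunk)
            except OSError:
                continue  # locked or unreadable file: leave it out
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            snap[rel] = digest.hexdigest()
    return snap

def compare(before, after):
    """Report new, deleted, moved and modified files between two snapshots."""
    gone = {p: d for p, d in before.items() if p not in after}
    added = {p: d for p, d in after.items() if p not in before}
    # Same content at a different path counts as moved, not deleted plus new.
    old_by_digest = {}
    for path, digest in sorted(gone.items()):
        old_by_digest.setdefault(digest, []).append(path)
    moved = []
    for path, digest in sorted(added.items()):
        if old_by_digest.get(digest):
            moved.append((old_by_digest[digest].pop(0), path))
    moved_from = {old for old, _ in moved}
    moved_to = {new for _, new in moved}
    new = sorted(p for p in added if p not in moved_to)
    return {
        "new": new,
        "deleted": sorted(p for p in gone if p not in moved_from),
        "moved": moved,
        "modified": sorted(p for p in before if p in after and before[p] != after[p]),
        "new_shortcuts": [p for p in new if p.lower().endswith(SHORTCUT_EXTS)],
    }

def demo():
    """Constructed scenario in a temporary directory (no real user data)."""
    with tempfile.TemporaryDirectory() as root:
        def full(rel):
            return os.path.join(root, rel)

        def write(rel, data):
            os.makedirs(os.path.dirname(full(rel)), exist_ok=True)
            with open(full(rel), "wb") as fh:
                fh.write(data)

        write("Documents/report.txt", b"quarterly report")
        write("Documents/notes.txt", b"meeting notes")
        write("Pictures/cat.jpg", b"constructed image bytes")
        baseline = snapshot(root)
        write("Desktop/Free Prizes.url", b"[InternetShortcut]\nURL=http://ads.example/\n")
        write("Documents/helper.dat", b"constructed unknown file")
        os.replace(full("Documents/notes.txt"), full("Pictures/notes.txt"))
        os.remove(full("Pictures/cat.jpg"))
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Files with identical content (empty files, for instance) share a digest, so a deleted copy and a new copy of the same content are reported as a move.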

8. The CD Drawer Begins to Open and Close on its Own

The vast majority of newer computer systems don’t have CD drawers, but those that still do can get infected with spyware that disturbs the normal functioning of the CD drawer. Spyware interferes with the normal inner workings of not just the operating system or hardware on the device but also the software applications. Any program that has access to CD drawer functions on a device infected with spyware can cause the CD drawer to open and close automatically. That said, in most cases, a CD drawer opening and closing on its own is not a cause for concern.

Pro Tip:

Rebooting the machine is a good way to determine if the CD drawer opening and closing on its own is really because of spyware. Rebooting the machine in safe mode allows all extra programs to go into inactive mode. If the CD drawer continues to open and close even in safe mode, the problem might be with the hardware.

Additionally, if the user’s antivirus software finds unknown programs with malicious behavior and then continues to quarantine or delete such programs, that is a guaranteed sign spyware exists on the device.

The effects of the CD drawer opening and closing independently include increased CPU usage, noise generated by any disk present in the CD ROM, increased fan speed (to reduce heat from all the spinning and increased CPU usage), decreased battery life (for unplugged laptops) and all the other effects of spyware (such as information being stolen, the computer slowing down and crashing).

9. You Discover E-mails in Your ‘Sent Items’ Folder that You Never Sent

Email is just like ordinary mail, except all communication happens over the internet digitally. As in the case of regular mail, internet users can send and receive emails. Hackers know how essential email is to modern communication. This warning sign usually appears when a hacker has managed to infect the user’s device with spyware. The spyware allows the hacker to monitor the user’s screen at all times and even record keystrokes. Over time, the hackers gain access to the user’s username and password, and then use those stolen credentials to access the victim’s email account and start sending spam email messages to other users, including the victim’s contacts.

In this case, the spyware’s main job is to steal passwords and use compromised email accounts to access bank accounts, healthcare information and insurance accounts.

The effects of email-based spyware include loss of personal information, exposure of all email content to hackers, crimes committed in the victim’s name, and spam emails sent via the victim’s email address. Spyware that only infects the user’s email accounts wouldn’t necessarily affect the computer substantially.

What is Spyware?

Spyware is one of the many types of malware. Spyware almost always hides on the infected device and records the victim’s activities. Over time, the spyware compiles a complete record of the victim’s online activities via tracking and other personal information. Spyware can infect all types of devices, including desktop computers, laptops, tablets and mobile devices. Moreover, modern spyware has now gained the ability to not only monitor, copy and transmit any information on the infected device but also control the microphone and camera.

What Happens if Spyware Infects Your Computer?

Once spyware is able to infect the target’s computer, the device starts to behave differently than before and may become slower and unreliable over time. The victim may start to see unknown files in new places on the computer and may see certain programs malfunction as well.

But there are broader consequences of spyware infection. The compromised computer may assist hackers in causing financial loss, fraudulent activities and identity theft. Apart from that, other hidden things that happen when spyware infects a computer include the spyware stealing, collecting and transmitting confidential data, and using the infected device’s resources to launch more cyberattacks or mine cryptocurrency.

What is the Best Spyware Detection App?

The best spyware detection app in the current market is a sub-component of a good antivirus product. Yes, the days of standalone and dedicated spyware detection apps are coming to an end. Today, the best antivirus products are also the best spyware detection and removal apps. With that said, the best spyware detection apps are listed below.

  1. Norton 360 (best overall for most users)
  2. Bitdefender (best for users who want the latest techniques in identifying and removing malware)
  3. Malwarebytes (best for users on a budget)

How to Prevent Spyware

Spyware is usually hidden and works in the background on the victim’s computer. Still, there are ways to prevent spyware threats, as listed below.

  1. Practice Good Email Security: Exercise caution against opening emails from unknown senders or sometimes even known senders. Users should never download email attachments from unrecognized addresses. Even when the addresses are recognized, the user should have an antivirus software program running to guard against potential threats. Delete all emails from strangers.
  2. Do not Click on Pop-ups and Shady Ads: This tip alone can prevent most cyberattacks on the end user’s side. Of course, pop-ups are attractive; the offers sound great and the discounts unbelievable. But selecting any item on the pop-up can allow the hacker to download spyware on the user’s device. There are many pop-up blocker features in modern web browsers. Third-party add-ons or extensions can also help. In any case, do not interact with pop-ups and shady-looking ads.
  3. Exercise Restraint When Downloading Files and Folders: File-sharing sites are often not secure or private. Avoid downloading anything (even legitimate files) from file-sharing websites, as the occurrence of hidden malware and spyware is very high.
  4. Always Keep the Operating System Updated: Keeping the operating system up-to-date is the single most practical way to keep devices safe, not just from spyware but all kinds of cyberattacks. Following that, the user should also ensure all the other applications, including the web browser, are up-to-date. Almost all applications have bugs and security vulnerabilities hackers can exploit to infect the device with spyware. The only way to fix such vulnerabilities is to update the software as soon as the new version becomes available. A good rule of thumb here is to shut everything down on the device the moment the update becomes available. Too many users try to pick the best time to update, and that can sometimes give hackers that small window of opportunity to infect the device with spyware.
  5. Use Security Products Judiciously: Cybersecurity software is the strongest deterrent against spyware attacks. The good thing about current anti-spyware apps is the complete integration with antivirus products. Most good antivirus products come with anti-spyware components that do a terrific job of preventing spyware infection.
  6. Stop Giving Permissions to Apps: A lot of apps have the tendency to ask for too many permissions, which can open up any device to spyware attacks. Users should exercise great caution and identify a clear need for a specific permission. Any app that has no business accessing microphones, cameras or storage folders should not get any related permissions.
  7. Don’t Download Applications from Third-party App Stores: Though third-party app stores can help in certain situations, such apps represent an unnecessary spyware risk. Unlike the Google Play Store or Apple App Store, most third-party stores do not have the infrastructure or resources to keep apps safe from malware and updated at all times. To lower the risk of spyware infection, users should stick to the Apple App Store and Google Play Store.

All of the tips above are useful for preventing spyware infection. Generally, though, the process is as simple as installing system and software updates as soon as they become available and not clicking on unreliable links from any source on any platform.

What Kinds of Spyware Can Infect My Computer?

Similar to malware, there are many types of spyware—each attacking a target device in a different way. The most common spyware programs that can infect computers are listed below.

  1. Cookie Trackers: While cookie trackers are sometimes useful for customizing the user’s web experience and reducing webpage load times, there are lots of security issues as well. A tracking cookie is a special type of cookie that websites deposit on the user’s web browser when surfing the internet. The tracker cookie comes in the form of text that has the ability to record information such as the user’s website activity, geo-location, shopping habits and search history. Once enough data has been collected, a user profile can be created and sold to the highest bidder without any regard to user privacy or purchaser credibility. Tracker cookies are different in the sense that the user may be monitored across several websites and apps. Sometimes companies use information gathered via tracker cookies to launch better marketing campaigns; other times, the same information can be used to create better spyware that collects data more efficiently without user consent.
  2. Stalkerware: Stalkerware is a type of spyware that mostly infects mobile devices. As the name implies, stalkerware represents all the tools hackers use (including programs, devices and apps) that help to monitor a user and track the target device’s behavior. As always, stalkerware works in the background without the user’s knowledge or consent. Stalkerware is different from other types of spyware because the target individual can be tracked in several ways, collecting videos, images, website browsing history, calls, text messages, captured images/videos and the related geolocation data. More advanced stalkerware may need a rooted or jailbroken device for even more potency, such as the ability to activate microphones and cameras. Such stalkerware programs can also monitor users on third-party applications that are otherwise safe, such as WhatsApp or Signal, and can take screenshots secretly and record calls (to later forward back to the hacker).
  3. Modem Hijacker: A modem hijacker is one of the older techniques that hackers use to spy on target individuals and devices. Essentially, the modem hijacker spyware establishes a connection with the user’s device and then moves to access services and apps that the victim is subscribed to. Modem hijackers can also make calls without the user’s knowledge. Modem hijacker spyware is different because the malicious activities usually only include calls to numbers that charge premium rates and visits to explicit websites that the user may otherwise never access. The only time the user discovers the device was infected with a modem hijacker is when the monthly phone bill is higher than expected. Modem hijacker spyware can also affect dial-up internet connections. A simple click on a malicious link can allow the spyware access to the device. After infecting the device, the spyware may switch connections and cause international rate charges even on local calls.
  4. Rootkits: Rootkit spyware has risen to popularity because of the high success rate and return on investment. Essentially, rootkit spyware allows hackers to infect a device, access critical functions and take command. Rootkit spyware is different from other types of spyware as most rootkits can compromise the firmware and architecture of the device while also installing applications with user input. That makes rootkits particularly hard to get rid of. Rootkits are also better than most types of spyware at hiding for longer periods and sending data back to the hacker.
  5. Adware: Adware used to be the most common type of spyware by a fair margin. Due to advances in security products and general app development procedures, adware is not as widespread as before. Adware works as spyware in the form of software applications that perform all stated functions but also show users advertisements. The shown ads do not have to be malicious for an application to be considered adware. Some legitimate applications also use adware to fund the development process and offer the app to users at no cost. Adware truly becomes spyware when the software application is malicious for the most part. Applications that are spyware/adware in the genuine sense of the word do not shy away from showing users deceptive and shady apps. Adware is also notorious for showing full-page pop-up ads, explicit banners and auto-play videos when the user opens the browser. Whatever the ad, the developer is ultimately able to generate some revenue at the expense of user experience and safety.

Is Spyware Difficult to Detect?

Yes, depending on how advanced the spyware is, the victim may have trouble detecting spyware. The whole purpose of spyware is to stay hidden, make discovery hard and collect data. However, as mentioned before, modern antivirus programs have become very good at detecting any type of malware. As long as the user has a fully updated antivirus program on the device, spyware should be easy to detect and delete.

Damien Mather

Damien is a cybersecurity professional and online privacy advocate with a bachelor of Computer Science. He has been in the industry for 20+ years and has seen the space evolve far bigger than he ever thought. When he is not buried in his research or going through code, he is probably out surfing or camping and enjoying the great outdoors.