Spyware is software that monitors a device to collect information such as messages, location, browsing activity, photos, and sometimes authentication material.
Spyware ranges from commodity malware to highly targeted tooling. In all cases, the impact is similar: a compromised device can undermine your account security.
Why it matters for account recovery
If the device is monitored, account fixes may not stick. Password changes, recovery codes, and new MFA setups can be observed and reused. Recovery often requires stabilizing device trust before relying on it for sensitive steps.
Common failure modes and misconceptions
- Only securing the account: If the device remains compromised, the attacker can regain access through observed credentials or sessions.
- Assuming 'no obvious symptoms' means clean: Many spyware tools aim to be quiet to avoid detection.
- Ignoring device management layers: Profiles, device management, and unknown configuration changes can create persistence.
Safe best practices
- Stop using the affected device for high-risk sign-ins until you have confidence in device integrity.
- Remove unknown device management profiles and suspicious apps and review system permissions.
- Update the operating system and consider a factory reset when the risk is high and persistence is suspected.
- After cleanup, rotate credentials and end sessions so old access paths cannot persist.
Related terms
Related guides
- How to detect spyware on your phone or computer
- How to check if your phone is hacked
- Pegasus spyware: what it means for businesses
- What malware is and what to do if you think you have it
Spyware response is about restoring a trusted endpoint. Until you can trust the device, assume anything done on it can be observed and used against you.