# Spyware **MITRE ATTACK layer: Collection** Spyware is malicious software designed to silently observe, collect, and exfiltrate data from a target system without user knowledge or consent. Its value isn’t immediate disruption, but persistence and invisibility. Modern spyware focuses less on files and more on identity, behavior, and context. ## How is Spyware abused Attackers deliver spyware via trojanized apps, malicious installers, or zero-click exploits, especially on mobile devices. Instead of loud keylogging, it harvests session cookies, OAuth tokens, clipboard data, and messaging content, blending into normal system and cloud traffic. ## Why Spyware matters Spyware enables long-term surveillance and silent impersonation. Victims can be monitored for months without knowing, allowing attackers to read emails, hijack accounts, commit fraud or gather intelligence often without triggering security alerts. If you’re only looking for malware binaries to find spyware, you’re already late. ## Real-world example ### NSO Group’s Pegasus (Ongoing) NSO Group’s Pegasus spyware continues to be identified on the phones of journalists, lawyers, and activists worldwide. In many cases, zero-click infections granted attackers full access to microphones, cameras, call logs, location data, and even encrypted messaging apps. Pegasus infections are difficult to detect because they leave minimal forensic traces and often exploit previously unknown vulnerabilities in mobile OS. Although NSO Group markets Pegasus as a lawful tool intended to combat crime, governments around the world have routinely used it to spy. [Source](https://en.wikipedia.org/wiki/Pegasus_(spyware)) ## Related topics ### Malware [Read more](https://www.manageengine.com/products/desktop-central/attack-glossary/malware.html) ### Man-in-the-Middle Attack [Read more](https://www.manageengine.com/products/desktop-central/attack-glossary/man-in-the-middle-attack.html) ### Insider Threat [Read more](https://www.manageengine.com/products/desktop-central/attack-glossary/insider-threat.html) ## Additional Resources ### Achieve 442% ROI and reduce patching time by 95% — Forrester TEI Report See how organizations gained 442% ROI and major efficiency improvements with Endpoint Central. [Read more](https://www.manageengine.com/products/desktop-central/forrester-total-economic-impact-uems.html?utm_source=ec-attackglossary) ### Experience enterprise-grade protection proven in real-world tests — AV-Comparatives Report Discover how Endpoint Central’s antivirus earned recognition through rigorous, real-world security validation in just eight months. [Read more](https://www.manageengine.com/products/desktop-central/malware-protection-av-comparatives-dec2025.html?utm_source=ec-attack_glossary) ### Simplify endpoint security and build cyber resilience — Endpoint Security For Dummies Get a clear, practical guide to understanding threats and strengthening your organization’s security. [Read more](https://www.manageengine.com/products/desktop-central/endpoint-security-for-dummies.html?utm_source=ec_attack-glossary)