Much of the malware we encounter is blatantly ill-natured: cryptomining worms that monopolize your system resources, viruses that delete your files, ransomware that holds your computer hostage until you pay a pretty penny.
But sometimes, the matter of whether a piece of software is malicious or not isn’t so black and white.
These ambiguous programs are known as grayware. And though they’re often overlooked during cybersecurity discussions, their effects can be surprisingly unpleasant.
What Is Grayware?
Grayware is a catchall term for programs that exist in the middle ground between overt malware and legitimate software. It’s sometimes referred to as “potentially unwanted programs,” or PUPs.
Though not destructive to you or your device, grayware can still be annoying and (often unintentionally) harmful. It may hog your computer’s memory, collect data in the background or inundate you with ads.
And often, the source of the grayware isn’t a hacker or cybercrime group but a real, seemingly trustworthy company, acting not out of malice but out of greed.
Grayware typically falls into one of two categories: spyware and adware.
Spyware is software that secretly collects data on you and your device, then transmits it to a third party. Depending on how it’s used — and who’s using it — it can be considered either malware or grayware.
When used by a hacker or other bad actor to stalk, rob and control you, spyware is classified as outright malware. But surprisingly, that’s not always the case for all spyware.
Spyware can have intentions that aren’t malicious but still cross an ethical line, and it’s often used by otherwise legitimate companies to pad their profits. This grayware variety of spyware, though, isn’t to be underestimated.
Spyware and Data Collection
Software companies, especially ones that create free software, make money by selling user data to marketers. They can also use this data themselves to develop and refine their products.
Thus, there are some big incentives for them to collect as much user data as possible. And that’s where spyware comes in.
Whenever you install software, you’re required to accept the program’s end user license agreement (EULA). These are long, wordy and difficult to understand, so most people simply accept them without reading them.
But buried deep inside these agreements are clauses that detail how the program collects and shares your data. And these data collection policies frequently go above and beyond what the average person would actually consent to, falling into spyware territory.
In some cases, the spyware is hidden in plain sight, presented as a required component of the software. If you decline to install it, the entire setup aborts, giving you no option but to agree to the data collection.
And some software doesn’t even bother with getting your permission at all. Instead, it just installs the spyware component automatically, then runs it in the background, so you’re never any the wiser.
The Hidden Dangers of Spyware
The primary target of this spyware is your browsing history, location, preferences, habits, and other valuable marketing and telemetry data. However, your passwords, credit card numbers, and other sensitive data can also be collected via keystroke logging.
When this data is logged, transmitted, and stored elsewhere, it becomes much easier for hackers to obtain it and use it for truly malicious purposes. Hackers can also use vulnerabilities in the spyware itself to access your computer and cause real, intentional harm.
Free software created by random developers and downloaded from the web often contains spyware, allowing the creators to make money without charging for their products. But paid software from large, established companies can also contain it.
And it’s often coupled with another type of grayware: adware.
Adware is software whose purpose is to generate revenue for the creator by displaying unwanted, unexpected ads to the user. When it’s directed at mobile devices, it’s known as madware.
These unwanted ads may take the form of pop-ups, banners, toolbars, persistent notifications or even hijacked tabs in your browser. Every time you view or click on one of these ads, the adware creator gets a little kickback from the advertiser.
Like spyware, adware is often installed unintentionally alongside other software, especially free software. It can also come packaged with other downloads, such as pirated files, or get loaded onto your device in secret by shady websites or ads.
Adware may contain a spyware component or work alongside other spyware to create targeted ads, increasing the likelihood that you’ll click one. Or it may be programmed to make ads pop up just as you’re about to click something else, causing you to click the ad instead.
The Hidden Dangers of Adware
Though adware is generally more annoying than dangerous, it can still pose some harm.
Loading so many ads can place a heavy load on your system resources, eating up your memory, processing power and disk space to keep displaying more and more ads. Your computer may become so bogged down with ads that it becomes too slow to use.
Some adware displays disturbing, illicit or fraudulent ad content, linking you to porn sites, fake gambling sites, sketchy giveaways or other sources of danger. Ads may even link to or contain malware, making them actively harmful.
Key Grayware Takeaways
- Grayware refers to software that falls in the gray area between legitimate and malicious.
- Spyware is a type of grayware that sends your activity and keystrokes to a third party, usually a marketer or advertiser that buys user data in bulk.
- Adware is a type of grayware that overwhelms you with ads in various forms, generating revenue for the creator with every click or impression.
- Grayware is usually installed unintentionally, often enabled by hidden settings or clauses in the EULA of otherwise legitimate software.
- Though grayware doesn’t actively intend to harm you, it can affect your computer’s performance, invade your privacy and open the door for hackers and true malware to enter your device.
History of Grayware
Though the term “grayware” wasn’t coined until 2004, the terms “adware” and “spyware” both existed as far back as 1995. But their original meanings were a bit different than the ones we know today.
Back then, “adware” referred to any piece of ad-supported software, even ones with a simple line of text advertising the developer’s other programs, while “spyware” referred to software used for espionage purposes.
Those definitions — and practices — changed by the year 2000. Venture capitalists began offering developers thousands of dollars to secretly include ads and data collection components with their software.
That year, at an industry conference, one company offered a $17,500 bonus to any developer willing to distribute their adware. That’s equivalent to over $30,000 in 2022, making it no wonder that grayware’s popularity exploded in the new millennium.
Web browsers, ad blockers, and antivirus programs battled with grayware throughout the 2000s. But as the decade came to a close, grayware developers shifted their focus to smartphones.
A less technical user base, a massive distribution network, and a treasure trove of personal data made mobile devices incredibly attractive grayware targets. Today, mobile adware and spyware rival their nonmobile counterparts in both depth and breadth, creating a haven for marketers and advertisers — and a nightmare for app stores and users.
Grayware by the Numbers
- In 2004, there were just 334 strains of grayware — but by 2008, there were over 86,000 strains
- As many as 90% of internet-connected devices have been affected by grayware, with an average of 28 strains of grayware per device
- Over 30% of all macOS PUP instances are adware, with over 16% accounted for by just one strain: Adloadr
- Over 3% of all Android apps on the Google Play store fall under the definition of grayware
- 63% of all mobile grayware apps leak the device’s phone number, while 37% leak the device’s location
The Gator Spyware
In 1999, Claria Corporation’s Gator eWallet made its debut, secretly bundling itself into the installation files of other software. It promised a revolutionary way to store all of your passwords, credit card numbers, and form information on your computer, so you’d never need to type it out again.
But behind the scenes, Gator collected a slew of user data, including browsing history and partial credit card numbers, and used it to display targeted pop-up ads.
Because of its sneaky installation method and difficult removal process, Gator developed a notorious reputation. And after being sued by numerous companies for undercutting their business with competitors’ ads, Claria shut down for good in 2008.
The DollarRevenue Adware
In 2005, the Dutch company DollarRevenue launched its software of the same name: a browser toolbar that tracked your search history and displayed ads. The company recruited webmasters and software developers to distribute the adware, offering up to 30 cents per installation.
This strategy was highly successful: by 2007, the adware had infected over 22 million computers around the world, often in a bundle with other grayware.
Before long, hackers got in on the DollarRevenue bounty, using botnets to force the program onto thousands of computers and generate hundreds of dollars a day. This got the attention of the Dutch government, which fined DollarRevenue 1 million Euros, though the fine was overturned by a higher court a year later.
"Amateurs hack systems, professionals hack people."
-- Bruce Schneier, a renowned computer security professional