A few weeks ago, Dolly, a young professional in Mumbai, started noticing something off. Her partner seemed to know exactly where she had been, who she had spoken to, even details from private conversations with friends — things she had never told him. At first, she brushed it off. Maybe he was guessing. Maybe someone close to her was talking.
 
The truth turned out to be far more unsettling.
 
When she finally sought technical help, Dolly found a stalkerware application secretly installed on her phone. For weeks, it had been tracking her location, reading her messages, monitoring her calls, and quietly harvesting her personal data — all without her knowing a thing.
 
It sounds like the plot of a thriller. 
 
A new study by cybersecurity firm Kaspersky has put hard numbers behind a threat that has been growing quietly for years: digital harassment, stalking and surveillance are no longer the work of strangers lurking online. More often than not, the person behind it is someone the victim already knows and trusts.
 
What Exactly Is Stalkerware?
Stalkerware is software quietly installed on someone's device to monitor their activity without their consent.
 
Unlike most malware, which infiltrates a device remotely, stalkerware usually requires the abuser to have had physical access to the phone, tablet, or computer at some point. Once it's in, it can track real-time location, monitor calls and texts, read emails and chat conversations, access photos and videos, log browsing history, capture keystrokes, and watch social media activity. In some cases, it can even activate device functions without the user noticing anything at all.
 
Kaspersky detected stalkerware on 2,370 unique devices in India. That number alone is troubling. What is more troubling is that experts believe it barely scratches the surface — most victims never find out their device is compromised in the first place.
 
Why Digital Abuse Is So Hard To Detect
Here is what makes this particularly insidious: it doesn't look like an attack. It looks like normal life.
 
A controlling partner asks for your password, framing it as a matter of trust. A family member insists on sharing device access ‘for safety’. A friend talks you into installing a location-sharing app, just to ‘keep an eye out for each other’. None of these moments feels like a red flag in isolation. But pieced together over time, they quietly erase a person's privacy.
 
Traditional cyberattacks tend to trip an alarm somewhere — a security alert, a system warning, something. 
 
Technology-enabled abuse doesn't work that way. It exploits relationships and trust that already exist. By the time a victim recognises their boundaries have been violated, the abuse has often already escalated.
 
The Rise of Deepfakes and Impersonation
AI (artificial intelligence) has added a genuinely dangerous new layer to all of this.
 
Creating a convincing fake image, video, or audio clip is now cheaper and easier than it has ever been. Deepfakes are being used to damage reputations, blackmail victims, spread misinformation, harass people and manipulate personal relationships. Pair that with fake social media accounts and impersonation campaigns, and you have abusers who can deceive a victim's entire circle — friends, colleagues, family — while staying completely hidden themselves.
 
The emotional toll here is severe, particularly for victims who struggle to convince others that fabricated content isn't real. Try explaining to someone that the video they just saw of you never actually happened.
 
Abuse Closer to Home Than Many Realise
When people picture cyber threats or digital abuses, the imagery is usually familiar — hackers in some distant location, criminal gangs running scams, anonymous trolls hiding behind fake profiles. That threat is real. But it is not the whole picture and Kaspersky's research makes that uncomfortably clear.
 
The study surveyed 7,600 respondents across 19 countries and found that nearly half of those who had experienced technology-enabled abuse named someone from their own social circle as the perpetrator. Friends. Family members. Current partners. Ex-partners. Colleagues. Together, they account for a significant share of all incidents.
 
This upends the assumption most of us carry around — that digital abuse comes from faceless strangers on the internet. The data tells a different story. The danger is often sitting at the dinner table, sharing your workplace, or living under the same roof.
 
 
“These findings challenge the persistent assumption that technology-facilitated abuse is primarily anonymous or perpetrated by strangers. Instead, they highlight how such harm is often embedded within existing relationships — spaces typically associated with trust and emotional safety. In these contexts, abuse can become part of a cycle of mutual escalation, where individuals respond to perceived harm, control, or humiliation with further harmful behaviour. Digital environments, with their immediacy and intensity, can amplify these dynamics, making it easier for conflict to escalate and harder to interrupt. Recognising these relational patterns is critical to understanding and addressing the full scope of technology-facilitated abuse,” said Dr Leonie Maria Tanczer, associate professor of computer science and head of the department’s gender and tech research lab at University College London (ULC). 
 
India Records Alarming Levels of Digital Abuse
From this study, India emerged as one of the most concerning markets in the Asia-Pacific (APAC) region — and not by a small margin.
 
Indian respondents reported the highest average number of abusive digital experiences among all the APAC countries surveyed. More than half said they feel unsafe online. That alone should give every reader pause.
 
What stands out most is digital stalking. Around 21% of Indian respondents reported experiencing it — more than double the global average. Alongside that, the study flagged elevated levels of impersonation through fake accounts, non-consensual deepfake creation and distribution, doxxing (where personal information is exposed publicly), revenge pornography, and harassment through abusive messages and comments.
 
These are not abstract statistics. They translate into real emotional distress, reputational damage, financial loss, and in some cases, genuine physical safety risks.
 
How To Protect Yourself
The encouraging part is that there is a fair amount you can do to reduce your risk.
 
1. Be deliberate about who has physical access to your devices. Most stalkerware infections require someone to have had their hands on your phone at some point, even briefly. Don't leave your phone or laptop unattended around people you don't fully trust and use a strong screen lock — don't hand out your password, PIN, or biometric access casually.
 
2. Check apps installed on your digital devices every so often. Look for anything unfamiliar, anything with a name that doesn't ring a bell, or apps requesting permissions that don't match what they are supposed to do. If something looks off, get a cybersecurity professional to look at it before you remove it yourself — that way you are not just deleting evidence.
 
3. Pay attention to app permissions. A flashlight app asking for access to your contacts and location is not a coincidence worth ignoring — it is a question worth asking.
 
4. Turn on multi-factor authentication (MFA) wherever it's available. Even if someone gets hold of your password, MFA puts a second lock between them and your accounts.
 
5. Be selective about location sharing. Plenty of apps offer real-time location sharing by default — use it only when you actually need to, switch it off when you don't, and periodically check who still has visibility into where you are.
 
6. Watch for odd device behaviour — battery draining faster than usual, unexplained spikes in data usage, a phone that runs hot for no reason, background activity that doesn't make sense, or permission requests popping up out of nowhere. None of these automatically means stalkerware is on your device, but they are worth investigating rather than ignoring.
 
7. Keep the device software updated. Those update notifications you keep dismissing often carry security fixes that close the exact gaps stalkerware exploits.
 
8. And use legitimate security software. A trusted cybersecurity tool can flag suspicious apps, malware, and stalkerware before they do real damage. On Android, switch on Play Protect — open Google Play, tap your profile photo in the top-right corner, go to Play Protect, and enable it. On Samsung devices, turn on Auto Blocker under Security and Privacy settings.
 
Breaking the Cycle
Perhaps the most important takeaway from Kaspersky's research is this: technology-enabled abuse isn't just a cybersecurity problem. It is a social and behavioural one.
 
When surveillance, harassment and digital control quietly become normal within a relationship, the abuse doesn't stay still — it escalates, and it feeds on itself. Victims sometimes retaliate, and what follows is a cycle of mutual hostility that gets harder and harder to break the longer it continues.
 
Catching the warning signs early matters more than people realise.
 
Privacy is not the same as secrecy. Trust doesn't require unrestricted access to someone's phone, messages, or accounts. A healthy relationship respects digital boundaries with the same seriousness it gives to physical ones.
 
As more of our lives move online, protecting personal information becomes more than just a defence against cybercriminals. It becomes a matter of protecting your autonomy, dignity and safety in a world increasingly lived through a screen.
 
The smartphone in your pocket is supposed to work for you. It should never become a surveillance device quietly reporting your every move to someone else.
 
Stay Alert, Stay Safe!