Earlier this month, researchers at AI Forensics published an investigation that should be uncomfortable reading for anyone who owns a smartphone. Analyzing 2.8 million messages across 16 Telegram groups, they documented a thriving underground economy built around surveilling intimate partners: 24,000-plus users trading spyware tools, hacking-for-hire services, and nonconsensual intimate images — most of it aimed at women known personally to their attackers. Wired’s subsequent reporting framed it plainly: men are buying hacking tools to use against their wives and friends.

This is not a niche criminal enterprise. It is a large, commercially structured industry operating in plain sight.

What Stalkerware Actually Is

Stalkerware is surveillance software secretly installed on a target’s phone, typically by someone with brief physical access to an unlocked device. Once installed, it runs invisibly in the background — no icon, no notification, no trace in the app list. The person who installed it logs into a remote dashboard on their own device and can see, in near real time, everything happening on the target’s phone: text messages across every app, call history, location, photos, browsing activity, and in many cases the camera and microphone.

The stalkerware industry generates hundreds of millions of dollars annually, primarily by marketing these products under names like “parental monitoring,” “employee tracking,” or “family safety” apps. The most widely used products — mSpy, FlexiSpy, Cocospy, and others — cost between $30 and $70 per month and are openly advertised online. According to the Coalition Against Stalkerware, the overwhelming majority of installations are not used for child safety or employee oversight. They are used for intimate partner surveillance.

Digital stalking affects an estimated 1.5 million people in the United States each year, according to the Bureau of Justice Statistics. In a survey of domestic violence shelters, 85% reported working with victims whose abusers had tracked them using GPS or surveillance tools.

The Telegram Marketplace


What the AI Forensics investigation revealed was not simply that stalkerware exists — that has been documented for years — but how efficiently it has been organized into a commercial ecosystem on encrypted messaging platforms. Translated posts in the groups advertised “Professional hacking on commission” with menu-style offerings: access to a target’s photo gallery and videos, social media account hacking, anonymous surveillance packages. Access to some channels cost between €20 and €50. Others offered subscriptions starting at €5 per month.

The victims documented across these groups were not random targets. They were ex-partners, colleagues, and family members — people whose trust was the point of entry. Over 18,000 references to surveillance tools appeared alongside tens of thousands of abusive images in the data the researchers analyzed.

Telegram has stated it removes millions of pieces of content per day using automated tools and that nonconsensual imagery violates its terms of service. The researchers noted they reported the groups through Telegram’s moderation channels. The groups continued operating during the course of their research.

Warning Signs and What to Do

Stalkerware is designed to be invisible, but it does leave traces. The National Network to End Domestic Violence’s Safety Net project identifies several warning signs: a partner who knows details from private conversations or your whereabouts without being told; unexplained battery drain or data usage spikes; a device that runs warm even when idle; and unfamiliar apps with generic names like “System Service” or “Battery Manager.”

A critical safety note applies here: if you suspect stalkerware and you’re in a situation involving a controlling or potentially dangerous partner, do not remove it immediately without a safety plan in place. Removing the app alerts the person who installed it that they’ve been discovered. Security researchers and domestic violence advocates consistently recommend speaking with an advocate before taking any technical action. The National Domestic Violence Hotline (1-800-799-7233) can connect you with support.

For prevention: a strong alphanumeric phone passcode, never leaving your device unattended with someone who might install software, and regular review of app permissions all significantly reduce risk. Running a reputable mobile security app — Bitdefender, Kaspersky, or Malwarebytes — can detect known stalkerware variants, though no tool catches everything.
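The traits described above (no icon, a generic name, reach into messages, calls, location, photos, camera and microphone) can be checked against an app inventory during a permission review. The sketch below is an added example, not code from the AI Forensics report or the organizations cited here; the inventory format, the three-category threshold and the package names are constructed assumptions. It only reports and changes nothing on the device.

```python
# Added example: inventory format, threshold and package names are assumptions.
SENSITIVE = {  # Android permission -> data category named in the article
    "android.permission.READ_SMS": "messages",
    "android.permission.READ_CALL_LOG": "call history",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_MEDIA_IMAGES": "photos",
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
}
GENERIC_LABELS = {"system service", "battery manager"}  # names quoted in the article
MIN_REACH = 3  # assumed threshold: data categories an app must reach to be listed


def triage(apps):
    """Return (package, reasons, reach) for apps worth a closer look. Report only."""
    findings = []
    for app in apps:
        if app["system"]:
            continue  # preinstalled components often lack an icon; skip to cut noise
        reach = sorted({SENSITIVE[p] for p in app["permissions"] if p in SENSITIVE})
        reasons = []
        if not app["launcher_icon"]:
            reasons.append("no launcher icon")
        if app["label"].strip().lower() in GENERIC_LABELS:
            reasons.append("generic label")
        # An odd presentation alone is not enough; it must come with broad reach.
        if reasons and len(reach) >= MIN_REACH:
            findings.append((app["package"], reasons, reach))
    return findings


P = "android.permission."
INVENTORY = [  # constructed sample data, not taken from a real device
    {"package": "com.example.chat", "label": "Chat", "system": False,
     "launcher_icon": True,
     "permissions": [P + "CAMERA", P + "RECORD_AUDIO", P + "READ_MEDIA_IMAGES"]},
    {"package": "com.example.vendor.telephony", "label": "Phone Services",
     "system": True, "launcher_icon": False,
     "permissions": [P + "READ_SMS", P + "READ_CALL_LOG", P + "ACCESS_FINE_LOCATION"]},
    {"package": "com.example.sysservice", "label": "System Service",
     "system": False, "launcher_icon": False, "permissions": list(SENSITIVE)},
    {"package": "com.example.battery", "label": "Battery Manager",
     "system": False, "launcher_icon": True, "permissions": [P + "CAMERA"]},
]

if __name__ == "__main__":
    for package, reasons, reach in triage(INVENTORY):
        print(package, "|", ", ".join(reasons), "|", ", ".join(reach))
```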

A Legal Gray Area That’s Slowly Closing


Stalkerware exists in a complicated legal space. Depending on the jurisdiction, installation without consent may constitute illegal wiretapping, computer fraud, or stalking. In 2021, the FTC banned a stalkerware developer for the first time. In 2025, a hacktivist scraped over 500,000 payment records from a major stalkerware vendor and published them — exposing the email addresses of paying customers. Prosecutions remain rare, but the regulatory and legal environment is tightening.

The Telegram marketplace documented by AI Forensics represents one node in a much larger infrastructure. The tools are cheap, accessible, and marketed as relationship management. Understanding they exist — and knowing the signs — is the starting point for everyone.
