Blacksweep
Back to insights
Mobile devicesBy BlackSweep· Jun 14, 2026· 8 min read

State-grade spyware and commercial stalkerware: the difference and the risk

Not all phone surveillance is equal. On one side, state-grade implants like Pegasus; on the other, stalkerware sold to anyone. Understand the difference — and why it defines your defense.

Two worlds, two adversaries

When we talk about a monitored phone, there are two distinct universes that demand distinct responses. On one side is state-grade spyware, like the Pegasus family, developed by companies that sell exclusively to governments and capable of compromising fully updated devices without any action by the target. On the other is commercial stalkerware, sold openly to anyone willing to pay a monthly subscription.

Confusing the two leads to wrong defenses. Against one, updating the system solves almost nothing; against the other, good digital hygiene already changes the game. Knowing which threat you face is the first step of real protection.

State-grade spyware: the top of the chain

Implants like Pegasus exploit vulnerabilities unknown to the manufacturer, often through 'zero-click' attacks — where the target need not click anything, open any message or make any mistake. Once inside, the implant accesses the microphone, camera, encrypted messages, location and keys, and is designed to disappear without a trace.

The cost and restricted access make these tools a targeted risk: journalists, dissidents, executives in geopolitical disputes, public figures and people with power or sensitive information. If you fit that profile, assuming immunity is naive — defense runs through continuous technical vigilance, not trust in the device.

Commercial stalkerware: the mass threat

Stalkerware is monitoring software sold as 'parental control' or 'employee security', but used massively to spy on partners, ex-partners, business associates and family members. It typically requires physical access to the device for a few minutes to install, and the victim's credentials to stay hidden.

It reads messages, listens to calls, activates microphone and camera, and reports location to a dashboard the abuser can access. It is less sophisticated than state-grade tools, but the risk is immense precisely because it is cheap, widespread and often installed by someone close with legitimate access to your phone.

Why the distinction defines the defense

Against stalkerware, hygiene measures work: a strong biometric passcode, review of apps and permissions, credential rotation, two-factor authentication and strict control of physical access to the device dramatically reduce exposure. Often it is enough to keep the wrong person from touching your phone.

Against state-grade threats, these measures are necessary but insufficient. Zero-click exploitation bypasses most user barriers, and detection requires forensic analysis of indicators of compromise, traffic examination and, in extreme cases, full compartmentalization of the device. It is a race between specialists, not between apps.

How we act and what we deliver

BlackSweep conducts forensic analysis of phones and laptops by appointment, in Brazil and abroad, searching for indicators of both types of compromise and preserving evidence within data protection law. When the finding has evidentiary value, we deliver a technical report; in all cases, a confidential report and a shielding plan.

More important than the diagnosis is the containment strategy: isolate the compromised device, re-establish clean communication channels and reduce your attack surface for the future. Advanced surveillance is not solved with a click — it is solved with method, discipline and discretion.

You may be under surveillance right now.

Talk to BlackSweep through a private channel. Service by appointment across Brazil and abroad.

Request a private sweep