Malware misinformation
Documenting misinformation in the infosecurity space, focusing particularly on malware analysis and forensics.
Created by @maldr0id
Claim ID: 00002
The following claim is repeated by some online blogs:
unexpected pop-ups can indicate a spyware infection
The claim is considered: 
FALSE
Why is it false?
There can be many reasons for unexpected pop-ups, ranging from software which tries to monetise its installations through pop-ups (this is called adware1) to fake pop-ups displayed in the browser to convince the user to perform some action2). However, the primary objective of spyware is to covertly steal user data. Impacting user experience goes against that goal, so it’s extremely unlikely that spyware would display pop-ups. This is especially true of state-sponsored spyware (e.g. Pegasus or FinSpy), which has no incentive to monetise the installation.
Statement sources
The websites below repeat the claim. This is not a full list of websites.
- ExpressVPN, “What is Predator spyware?” - link (the source has been redacted since, the screenshot of the previous version is here)
Campaigns
No misinformation campaigns have been spotted using that claim.