Pegasus remains the most high-profile "mercenary" spyware, capable of infecting iOS and Android devices without any user interaction ("zero-click"). It can record calls, read encrypted messages, and activate cameras. In 2026, it continues to face legal and political scrutiny, with high-profile cases like the into infections on the Prime Minister's phone being a major focus of international concern. 2. DarkSword
A leading threat for Mac users in 2026, is an infostealer that targets browser data, crypto wallets, and system files. Recent "ClickFix" campaigns have specifically targeted users of AI coding tools like Claude Code by tricking them into running malicious scripts. 5. FinSpy (FinFisher)
Uncovered in early 2026, DarkSword is an advanced found on compromised Ukrainian government and news websites. It operates as a "watering hole," silently siphoning iCloud Keychain passwords, iMessages, and cryptocurrency wallet data from unpatched devices. 3. Agent Tesla The Top 10 Spyware and Adware Threats
A veteran "Remote Access Trojan" (RAT) and infostealer, specializes in keylogging and stealing credentials from browsers and clipboards. It is frequently delivered via invoice-themed phishing emails targeting small-to-mid-sized businesses. 4. AMOS (Atomic macOS Stealer)
Disguised as legitimate mobile applications, targets Android users outside of the official Google Play Store. Once installed, it allows remote control of the device and can exfiltrate sensitive personal data, including photos and location history. 9. AsyncRAT Top 10 Malware Q1 2025 - CIS Center for Internet Security 6. Kimwolf Botnet In 2026
Sold primarily to law enforcement and intelligence agencies, is a sophisticated surveillance suite that works across Windows, macOS, and mobile platforms. It can turn on microphones for real-time recording and transmit images without the user's knowledge. 6. Kimwolf Botnet
In 2026, the landscape of spyware and adware has evolved from simple browser hijackers into sophisticated, multi-platform tools that often blend legitimate system features with malicious intent. These threats range from "mercenary" software used by governments to aggressive, AI-powered ad-delivery systems. 1. Pegasus (NSO Group) AI-powered ad-delivery systems.
is one of the most common "commodity" infostealers, designed to harvest form submissions and browser credentials. It is prized by attackers for its stealth and its ability to feed large-scale credential-resale markets on the dark web. 8. PhoneSpy