A Wired investigation reveals thriving Telegram marketplaces where men buy spyware and share nonconsensual intimate images, exposing massive gaps in how platforms and regulators address technology-facilitated abuse.
Thousands of men are congregating in Telegram groups to buy commercial spyware designed to covertly monitor their partners, friends, and exes. They are trading nonconsensual intimate images, swapping doxing guides, and exchanging tips on how to weaponize everyday technology for sexual abuse and harassment. The scale is staggering, and the business model behind it is disturbingly professional.
As Wired recently detailed, these are not shadowy dark web forums requiring specialized technical knowledge. They are public, easily discoverable Telegram channels operating in plain sight, with thousands of active members treating digital stalking like a subscription service. The spyware tools on offer range from a few dollars to several hundred, putting surreptitious surveillance well within reach of almost anyone willing to pay.
The tools being traded in these groups share a common design philosophy: they are built to be installed by someone with physical access to a target's phone, after which they silently harvest text messages, call logs, GPS locations, browser history, and even live microphone audio. Many disguise themselves as benign system utilities or parental control applications, hiding their icons from the home screen while quietly transmitting data to remote servers.
What makes this particular ecosystem so dangerous is how accessible it has become. The stalkerware industry generated an estimated $150 million globally in recent years, according to research from cybersecurity firms like Kaspersky and Malwarebytes. Companies like mSpy, FlexiSpy, and Hoverwatch have built lucrative businesses marketing their products for "employee monitoring" or "child safety," fully aware that their customer base includes domestic abusers. Some openly advertise partner surveillance as a feature, using carefully coded language about "trust verification" to skirt legal liability.
Inside these Telegram groups, that thin pretense evaporates entirely. Members post screenshots of their partners' private conversations. They request specific tools capable of bypassing two-factor authentication. They share directories of nonconsensual intimate images organized by location and identity. It is a marketplace for interpersonal harm, facilitated by encrypted messaging infrastructure that makes meaningful law enforcement intervention nearly impossible.
Why Platforms and Laws Are Failing
Telegram occupies a uniquely problematic position here. The platform's end-to-end encryption for secret chats, combined with its lax moderation policies for public channels, has made it a default gathering point for activities that would be immediately banned on Facebook, Instagram, or YouTube. While Telegram has historically removed channels that violate its terms of service when specifically reported, the sheer volume of these groups and the speed at which new ones emerge makes enforcement a game of whack-a-mole that the platform is clearly losing.
The legal landscape offers little relief. In the United States, federal law prohibits intercepting electronic communications and installing tracking software without consent, but enforcement requires the victim to discover the surveillance in the first place, which is exceedingly difficult when the entire purpose of stalkerware is to remain invisible. Several states have enacted specific anti-stalkerware laws, but prosecutions remain rare and penalties are often insufficient to deter repeat offenders. The United Kingdom's domestic abuse legislation took a step forward by explicitly criminalizing the use of technology to coerce or control partners, yet practical enforcement resources remain limited.
The antivirus industry has also struggled with its role in this ecosystem. For years, major cybersecurity vendors debated whether to classify stalkerware as malware, since the user installing it technically has device access. That debate has largely been settled in favor of detection, with companies like Malwarebytes, Avast, and Kaspersky now flagging known stalkerware applications. However, new variants emerge constantly, and detection databases consistently lag behind distribution.
The Human Cost Behind the Technology
Domestic violence organizations have been tracking this trend with growing alarm. The National Network to End Domestic Violence reports that technology-facilitated abuse is now present in the vast majority of intimate partner violence cases they handle. Survivors describe the psychological toll of discovering that someone they trusted has been reading every message, tracking every movement, and listening to private conversations. The surveillance creates a prison that follows the victim everywhere, making it nearly impossible to seek help without the abuser knowing.
The connection between stalkerware and physical violence is well documented. A 2021 study published in the journal "Violence Against Women" found that abusers who use digital surveillance tools are significantly more likely to escalate to physical harm. The technology does not replace traditional abuse; it amplifies it, giving perpetrators unprecedented control over their victims' lives.
What needs to happen next is clear, even if the execution is complicated. App stores operated by Apple and Google must enforce stricter policies against stalkerware applications and their affiliates. Telegram needs to invest in proactive detection rather than relying solely on user reports. Legislators across jurisdictions should mandate that devices ship with built-in indicators when monitoring software is active, similar to the camera and microphone notifications that iOS and Android already provide for legitimate applications.
For the cybersecurity industry, this represents both a moral obligation and a market opportunity. Enterprise-focused companies are increasingly recognizing that the tools and expertise they have developed for detecting advanced persistent threats can be redirected toward identifying stalkerware on consumer devices. Several startups have already begun building dedicated anti-stalkerware scanning tools, and venture capital interest in personal digital safety is growing as awareness of the problem expands. The companies that figure out how to make stalkerware detection seamless and accessible will find a substantial and underserved market waiting for them.
The technology enabling this abuse is not particularly sophisticated. What makes it dangerous is the combination of easy availability, weak enforcement, and a social environment where thousands of men actively normalize and monetize the violation of women's privacy. Fixing that requires more than better software. It requires sustained pressure on the platforms that host these communities and the legal systems that have so far failed to treat technology-facilitated abuse with the urgency it deserves.
