SIDER System for Detecting Spy Software Trojans and Phishing in Smartphones

SIDER (Spyware Intrusion Detection and Elimination Resource) – is a complete system in a laptop for automatic search and detection of malware such as Trojans and spy software in mobile phones, tablets and laptops.

Extremely easy to use, even for non-experts, it allows to automatically detect commercial spy software and even several Nation-State Trojans.

Using the provided Chek Lists, it allows to inspect smartphones and finding out if they are being spied on or intercepted, even with methos other than spy software, such as by compromised Google, Apple, WhatsApp and Telegram accounts and similar.

Price: On request

Code: PSATRAO002


The SIDER laptop creates a Wi-Fi hotspot for the connection of the mobile phone to be analyzed. Once connected to the laptop’s Wi-Fi, the mobile phone is used in such a way to stimulate the transmission of data by any Trojan (spy software) to its command and control server. Making a voice call, sending an SMS, then a chat and a WhatsApp voice message, restarting the cell phone and leaving it connected to the hotspot for about ten minutes.

The Wi-Fi connection is then closed and the scanning of the IP data packets captured by the SIDER System begins automatically. Depending on a series of predefined values, the SIDER System is able to detect the presence of most commercial spy software, Trojans installed with Social Engineering, Trojans used by cyber criminals and Nation-State Trojans. As soon as the analysis is finished, a report that can be saved in PDF format is automatically displayed. The response is immediate, highlighted in red if a Trojan or spy software has been detected, orange if further in-depth checks are required, green if nothing has been detected.

To detect known Trojans , the SIDER system uses IOCs – Indicators of Compromise – such as domains known as command and control servers of commercial spy software. It also uses an intrusion detection system that analyzes anomalies (using heuristics) searching for suspicious IP data transmissions to detect unknown Trojans and Malware.

If combined with the visual analysis of the mobile phone, for which an appropriate checklist is provided, the SIDER system allows the detection of all commercial spy software for Android and iOS and commercial and state Trojans installed with Social Engineering.

The SIDER system is particularly suitable for the control of mobile phones that store extremely sensitive private data, since it is not necessary to install any application and it is not necessary for the operator to handle the mobile phone. The owner of the mobile phone can perform the simple operations for connecting to the Wi-Fi network generated by the laptop and the minimal cell phone usage for transmitting IP data to be analyzed. The SIDER system does not connect to any external server and the mobile phone data transmitted with test communications follows their normal path, as if the mobile phone was connected to any Wi-Fi network.

The SIDER system updates automatically and free of charge with new Indicators of Compromise when it is used to perform scans. It can also be used to analyze tablets, laptops, or any other devices that connect to the Internet, such as desktop PCs and printers. Simply connect the mobile phone to be analyzed to the Wi-Fi hotspot generated by the SIDER laptop and use it by communicating for a few minutes to automatically have the PDF report with the results.

Ease of Use
Simply connect the mobile phone to be analyzed to the Wi-Fi hotspot generated by the SIDER laptop and use it by communicating for a few minutes to automatically have the PDF report with the results.

Automatic Detection
Automatically detects most commercial spy software.

Detection of All Commercial Spy Software
Detects all commercial spy software for Android and iOS (following the inspection protocol).

Detection of Spy Software Installed with Social Engineering
Allows to detect commercial and Nation-State spy software installed with Social Engineering (following the inspection protocol).

Email and Social Media Account Compromise Detection
Allows to detect compromises of WhatsApp, Telegram, Gmail, etc. accounts (following the inspection protocol).

Multiple Method Detection
Detection with Indicators of Compromise, Heuristics and anomaly detection. Detection with visual inspection and related protocol.

Can be Used on Laptops, Printers and Desktop PCs
Automatic scanning of any device that can be connected to the Wi-Fi network including Laptops, Desktop PCs, Printers, IOT devices.

Privacy Protection
No invasion of the privacy of the owner of the mobile phone to be inspected, who can independently carry out the operations necessary for the automatic inspection.

Invisible to Attackers
If spy software or Trojans were actually installed on the analyzed cell phone, whoever is monitoring it cannot notice anything, since the inspection simply consists of a new Wi-Fi connection.

Automatic Updates
Updating with new Indicators of Compromise occurs automatically. Updating of the SIDER application can be done manually when available.

Physical and Random MAC
Possibility of using both the physical and random MAC address of mobile phones. With the use of the physical MAC the report is correlated to the inspected mobile phone, allowing for court use.

Report in PDF format
Automatic report with:

  • Immediate notice if nothing has been detected (green color), if further in-depth checks are needed on some connections (orange color) or if spy software/Trojan has been detected (red color)
  • List of connections to IP addresses considered high, moderate and low risk commented with details, for checking further
  • List of transmissions to Whitelisted IP addresses (considered non-dangerous) with transmission protocol used, destination domain (if available), destination IP address, port used
  • List of transmissions to IP addresses considered suspicious
  • List of transmissions to uncategorized IP addresses
  • MAC address of the mobile phone (random or fixed depending on the connection method)
  • Analysis methods used – IOCs, Heuristics, Active
  • SHA1 hash of the captured data
  • SIDER instance number to identify the machine used
  • Report generation date and time
  • Duration of IP data capture
  • IP data analysis duration
  • Number of IP packets captured

pcap files
pcap file with all captured packets for analysis with other tools such as Wireshark.

  • Laptop (Lenovo Thinkpad X Series refurbished) with standard RJ45 LAN connector
  • Power supply
  • LTE modem for connecting to the Internet
  • Wi-Fi USB dongle for connecting to Wi-Fi routers (in case of bad mobile network coverage)
  • USB dongle for automatic saving of reports
  • Professional protection suitcase
  • User manual
  • Mobile phone visual inspection checklist
  • Customer report templates for Android, iOS and for the different types of analysis (optional).


A taught course is available for learning the visual analysis of mobile phones, for:

i) No-Install Monitoring – for the detection of covert monitoring methods that escape the analysis of Intrusion Detection Systems, as they do not require any software modification, such as for example the compromise of email accounts, social media accounts such as WhatsApp (for which a second login with WhatsApp Web is sufficient), Telegram, etc.;

ii) Remote Inspections – for carrying out remote cell phone inspections, when it is not possible to reach the Customer with the SIDER system;

iii) Social Engineering Monitoring – for the detection of Trojans installed with Social Engineering and others that use particular techniques to avoid the detection by Intrusion Detection Systems, such as for example sending data exclusively at predefined times, or in certain conditions such as mobile phones under charging, etc.

Report Models
With the taught course, the delivery of predefined customer report models for each type of analysis and operating system (Android or iOS) is provided.

Wi-Fi and Bluetooth Detector
The SIDER system can be integrated with a system for the detection of audio bugs, video bugs and GPS transmitters that use Wi-Fi and Bluetooth technologies. The Wi-Fi detection system also allows to detect hidden Access Points and Clients. This last function is crucial for detecting bugs connected to Access Points inside or outside the environments to be inspected. See the relevant page .

Technical specifications, features and the use thereof are subject to change without notice.

The System is exempt from restrictions on sale within the European Union. Due to the sensitivity of some possible usage scenarios, Extra Large Srl reserves the right to refuse orders.