Stalkerware reads messages and unlocks devices

Kaspersky researchers have identified a new sample of software stalkerware Commercial software which commonly used for covert surveillance of associates or user companions - whose functionality overshadows all previously discovered corresponding software.

It is called MonitorMinor and allows stalkers to access any data without being noticed and monitor activity on devices they control, as well as the most popular messaging services and social networks.

The stalkerware by definition endangers the personal information and personal life of many people. If their data is monitored and controlled, the consequences are often not exclusively related to cyberspace for the victims involved. However, the creators of MonitorMinor did not bother to keep it a secret, showing that they are well aware of

While the primitive stalkerware using geofencing technology, allowing the operator to locate the victim and in most cases stealing SMS and call data, MonitorMinor goes a few steps further. Recognizing the importance of messengers as a means of data collection, this software aims to access data from all the most popular modern communication tools.

While on a "clean" Android operating system, direct communication between applications is blocked by the sandbox, the situation can change if a superuser application (SU utility) is installed, which provides root access to the system. Once this SU utility is installed, there are no more device security features.

Using this utility, the creators of MonitorMinor gain full access to data from a variety of popular social networking and messaging applications such as Hangouts, the Instagram, the Skype, the Snapchat and other.

Additionally, using root privileges, the stalkerware can access screen unlock patterns, allowing its operator stalkerware unlock the device when it is nearby or when it then gains physical access to the device. This is a unique feature that Kaspersky has not identified in the past on mobile platform threats.

Even without root access, the stalkerware The Accessibility Service API, which is designed to make devices user-friendly with disabilities, can work effectively. Using this API, stalkerware is able to monitor any events in the applications and transmit live audio.

Other features in this stalkerware enable its operators to:

• Control devices using SMS commands.
• Watch real-time video from device cameras.
• Record audio from the microphones of the device.
• View your browsing history in Google Chrome.
• View usage statistics for specific applications.
• View the contents of a device's internal storage.
• See the contact list.
• View system logs.

“MonitorMinor is superior to other programs stalkerware in many ways and implements all kinds of monitoring functions, some of which are unique and almost impossible to detect on the victim's device. This particular application is incredibly penetrating - it completely removes from the victims any sense of privacy when using their devices and allows the attacker to retrospectively control the activity of the victims ", comments Victor Chebyshev, head of Kaspersky's development team.

He continued: "The existence of such applications underscores the importance of protection against stalkerware and the need for a joint effort in the fight for privacy. That is why it is important to inform users about the existence of this application, which, in the hands of criminals, could become the ultimate control tool. We have also shared proactive information about this software with our Partners Against Alliance Stalkerware (Coalition Against Stalkerware), to protect as many users as possible, as soon as possible ".

More information about MonitorMinor can be found at the specialist Securelist.com website.