Stalkerware reads messages and unlocks devices

Kaspersky researchers have identified a new sample of stalkerware software - commercial software that commonly used for covert surveillance of associates or user comrades - whose functionality overshadows all previously discovered corresponding software.

It is called MonitorMinor and allows stalkers to access any data without being noticed and monitor activity on devices they control, as well as the most popular messaging services and social networks.

Stalkerware by definition endangers the personal information and personal life of many people. If their data is monitored and controlled, the consequences are often not exclusively related to cyberspace for the victims involved. However, the creators of MonitorMinor did not bother to keep it a secret, showing that they are well aware of

While primitive stalkerware uses geofencing technology, allowing the operator to locate the victim and in most cases stealing SMS and call data, MonitorMinor goes a few steps further. Recognizing the importance of messengers as a means of data collection, this software aims to access data from all the most popular modern communication tools.

While on a "clean" Android operating system, direct communication between applications is blocked by the sandbox, the situation may change if a superuser application (SU utility) is installed, which provides root access to the system. Once this SU utility is installed, there are no more security features on the device.

Using this utility, the creators of MonitorMinor gain full access to data from a variety of popular social networking and messaging applications such as HangoutsThe InstagramThe SkypeThe Snapchat and other.

Additionally, using root privileges, stalkerware can gain access to screen unlock patterns, allowing the stalkerware operator to unlock the device when it is nearby or after gaining physical access to the device. This is a unique feature that Kaspersky has not previously identified as a threat to mobile platforms.

Even without root access, stalkerware can effectively run the Accessibility Service API, which is designed to make devices user-friendly with disabilities. Using this API, stalkerware is able to track any events in the applications and transmit live audio.

Other features in this stalkerware enable its operators:

• Control devices using SMS commands.
• Watch real-time video from device cameras.
• Record audio from the device microphones.
• View your browsing history in Google Chrome.
• View usage statistics for specific applications.
• View the contents of a device's internal storage.
• See the contact list.
• View system logs.

"MonitorMinor is superior to other stalkerware programs in many ways and implements all kinds of monitoring functions, some of which are unique and almost impossible to detect on the victim's device. This particular application is incredibly penetrating - it completely removes from the victims any sense of privacy when using their devices and allows the attacker to retrospectively control the activity of the victims ", comments Victor Chebyshev, head of Kaspersky's development team.

He continued: "The existence of such applications underscores the importance of protection against stalkerware and the need for a joint effort in the fight to protect privacy. That is why it is important to inform users about the existence of this application, which, in the hands of criminals, could become the ultimate control tool. "We have also shared precautionary information about this software with our partners in the Coalition Against Stalkerware to protect as many users as possible as soon as possible."

More information about MonitorMinor can be found at the specialist site Securelist.com.