Kaspersky researchers have detected a new software sample stalkerware – commercial software which commonly used for covert surveillance of associates or partners of the users – whose functionalovershadows all previously discovered corresponding software.
It is called MonitorMinor and allows stalkers to access any data without being noticed and monitor activity on devices they control, as well as the most popular messaging services and social networks.
Stalkerware by definition endangers the personal information and personal life of many people. If their data is monitored and controlled, the consequences are often not exclusively related to cyberspace for the victims involved. However, the creators of MonitorMinor did not bother to keep it a secret, showing that they are well aware of
While primitive stalkerware uses geofencing technology, allowing the operator to track the victim's location and in most cases intercept SMS and call data, MonitorMinor goes a few steps further. Recognizing the importance of messengers as a means of data collection, this software aims to access data from all the most popular modern tools communication.
While on a "clean" Android operating system, direct communication between applications is blocked by the sandbox, the situation may change if a superuser application (SU utility) is installed, which provides root access to the system. Once this SU utility is installed, there are no more security features on the device.
Using this utility, the creators of MonitorMinor gain full access to data from a variety of popular social networking and messaging applications such as Hangouts, the Instagram, the Skype or Whatsapp, the Snapchat and other.
Additionally, by using root privileges, stalkerware can gain access to screen unlock patterns, allowing the stalkerware operator to unlock the device when they are nearby or when they subsequently gain physical access to the device. This is a unique one feature which Kaspersky has not previously detected in mobile platform threats.
Even without root access, stalkerware can effectively run the Accessibility Service API, which is designed to make devices user-friendly with disabilities. Using this API, stalkerware is able to track any events in the applications and transmit live audio.
Other features in this stalkerware enable its operators:
- Control devices using SMS commands.
- Watch real-time video from device cameras.
- Record audio from the device microphones.
- View your browsing history in Google Chrome.
- View usage statistics for specific applications.
- View the contents of a device's internal storage.
- See the contact list.
- View system logs.
“MonitorMinor is superior to other stalkerware programs in many opinions and implements all kinds of monitoring functions, some of which are unique and almost impossible to detect on the victim's device. This particular app is incredibly intrusive – it completely strips victims of any sense of privacy when using their devices and allows the attacker to retrospectively monitor their victims' activity,” comments Victor Chebyshev, head of teamof Kaspersky development.
He continued: "The existence of such applications underscores the importance of protection against stalkerware and the need for a joint effort in the fight to protect privacy. That is why it is important to inform users about the existence of this application, which, in the hands of criminals, could become the ultimate control tool. "We have also shared precautionary information about this software with our partners in the Coalition Against Stalkerware to protect as many users as possible as soon as possible."
More information about MonitorMinor can be found at the specialist site Securelist.com.
