A new piece of stalkerware has functionality that exceeds that of any prior version, researchers said.
MonitorMinor allows stalkers to covertly access any data and track activity on targeted devices, as well as the most popular messaging services and social networks.
Stalkerware is commercial software usually used to secretly monitor users’ partners or colleagues. It fundamentally undermines user privacy, putting people’s information and personal lives at risk. If a person’s data is being monitored and controlled, the result often involves real-life consequences for the victim. The creators of MonitorMinor also obfuscate the application, showing they are well aware of the existence of anti-stalkerware tools and are trying to counter them, said researchers at Kaspersky.
While primitive stalkerware uses geofencing technology, enabling the operator to track the victim’s location, and in most cases intercept SMS and call data, MonitorMinor kicks it up a notch. Recognizing the importance of messengers as a means of data collection, this software aims to get access to data from all the most popular modern communication tools.
In a “clean” Android operating system, the sandbox prevents direct communication between apps. That changes if a superuser-type app (SU utility), which grants root access to the system, is installed.
Once this SU utility is installed, the device’s security mechanisms no longer offer protection. Using this utility, the creators of MonitorMinor enable full access to data on a variety of popular social media and messaging applications such as Hangouts, Instagram, Skype, Snapchat and others.
Furthermore, using root privileges, the stalkerware is able to access screen unlock patterns, enabling the stalkerware operator to unlock the device when it is nearby or when they have physical access to the device. This is a unique feature that Kaspersky has not previously identified in any mobile platform threats.
Even without root access, the stalkerware can operate effectively by abusing the Accessibility Service API, which is designed to make devices friendly for users with disabilities. Using this API, the stalkerware is able to intercept any events in the applications and broadcast live audio.
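One defensive check that follows from the paragraph above, as an added example that is not from Kaspersky or the original article: list the apps that hold an enabled accessibility service and flag any the device owner does not recognise. It assumes the input is the text printed by `adb shell settings get secure enabled_accessibility_services`; the allowlist and the sample package `com.example.sysupdate` are constructed for illustration.

```python
# Added example: audit which apps hold an enabled accessibility service.
# Input format: colon-separated "package/class" entries, as printed by
#   adb shell settings get secure enabled_accessibility_services
# The command prints "null" (or nothing) when no service is enabled.

# Assumption: packages the device owner knowingly uses for accessibility.
ALLOWLIST = {"com.google.android.marvin.talkback"}

# Constructed sample output; com.example.sysupdate is a hypothetical package.
SAMPLE = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.sysupdate/com.example.sysupdate.MonitorService\n"
)


def parse_services(raw):
    """Return (package, full_class_name) pairs from the settings value."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    pairs = []
    for entry in raw.split(":"):
        entry = entry.strip()
        if not entry:
            continue  # tolerate stray separators
        package, _, cls = entry.partition("/")
        if cls.startswith("."):
            cls = package + cls  # expand the shorthand ".Class" form
        pairs.append((package, cls))
    return pairs


def unexpected_services(raw, allowlist=ALLOWLIST):
    """Return enabled services whose package is not on the allowlist."""
    return [(p, c) for p, c in parse_services(raw) if p not in allowlist]


if __name__ == "__main__":
    for package, cls in unexpected_services(SAMPLE):
        print(f"review: {package} has accessibility service {cls}")
```

A flagged entry is a prompt to review the app in the device's accessibility settings, not proof that it is stalkerware.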
Other features available in this stalkerware give operators the ability to:
- Control devices using SMS commands
- View real-time video from device cameras
- Record sound from the device microphones
- View browsing history in Google Chrome
- View usage statistics for certain apps
- View the contents of a device’s internal storage
- View contact lists
- View system logs
“MonitorMinor is superior to other stalkerware in many aspects and implements all kinds of tracking features, some of which are unique, and is almost impossible to detect on the victim’s device,” said Victor Chebyshev, Kaspersky research development team lead. “This particular application is incredibly invasive – it completely strips the victim of any privacy in using their devices, and even enables the attacker to retrospectively look into what the victims have been doing before.”
India currently has the largest share of installations of this stalkerware (14.71 percent), according to Kaspersky research. Mexico (11.76 percent) is next, followed by Germany, Saudi Arabia, and the UK (5.88 percent in each country).