The recently discovered Android stalkerware MonitorMinor is one of the most powerful smartphone-tracking tools currently in existence, warns Kaspersky.
The MonitorMinor app is marketed as the "ultimate parental monitoring software" for parents to keep an eye on their children's phone activity.
However, researchers from Kaspersky Lab say the app bypasses so many controls meant to protect user information that it qualifies as stalkerware. It has unnecessary and extreme functionality that could enable stalkers to covertly access any data and track activity on devices they are surveying, as well as popular messaging services and social networks.
MonitorMinor’s authors use obfuscation techniques, which reveals they are aware that anti-stalkerware tools exist and try to counter them.
Primitive stalkerware employs geofencing technology, enabling the operator to track the victim’s location, and in most cases intercept SMS and call data. MonitorMinor takes this even further, and aims to access data from all the most popular modern communication tools such as Hangouts, Instagram, Skype, Snapchat and others.
In a ‘clean’ Android operating system, direct communication between apps is prevented by the sandbox, but this can change if a superuser-type app (SU utility) is installed, which grants root access to the system. Once installed, security mechanisms of the device no longer exist. Using this utility, the creators of MonitorMinor enable full access to messaging application data.
MonitorMinor can access data from the most popular communication tools such as Hangouts, Instagram, Skype, Snapchat and others.
Kaspersky
Moreover, using root privileges, the stalkerware is able to access screen unlock patterns, allowing the bad actor to unlock the device when it is nearby or when they next have physical access to the device. This, says Kaspersky, is a unique feature it has never seen before in any mobile platform threats.
Even without root access, the stalkerware can operate effectively by abusing the Accessibility Service API, which is designed to make devices friendly for users with disabilities. Using this API, the stalkerware is able to intercept any events in the applications and broadcast live audio.
Other features of MonitorMinor include the ability to control devices using SMS commands, view real-time video from device cameras, record sound from the device microphones, view browsing history in Google Chrome, view usage statistics for certain apps, view the contents of a device’s internal storage, and view contact list and system logs.
Coalition Against Stalkerwar
Victor Chebyshev, Kaspersky research development team lead, says this stalkerware is superior to other types he has seen in many aspects and implements all kinds of tracking features, some of which are unique.
“It is almost impossible to detect on the victim’s device. This particular application is incredibly invasive – it completely strips the victim of any privacy in using their devices, and even enables the attacker to retrospectively look into what the victim has been doing before.”
He says the existence of such applications stresses the importance of protection from stalkerware and the need for joint effort in the fight for privacy.
“This is why it is important to highlight this application to our users which, in the hands of the abusers, could become the ultimate instrument for control. We have also pre-emptively shared information about this software with the Coalition Against Stalkerware partners, to protect as many users as possible, as soon as we can.”
To lower the risk of falling victim to this scourge, Kaspersky recommends users block the installation of programs from unknown sources in their smartphone’s settings, to never disclose the password or passcode to any mobile device, even if it is with someone you trust, and to change all security settings on mobile devices should they be leaving a relationship, including passwords and applications location access settings.
It also advises checking the list of applications on devices to find out if suspicious programs were installed without consent, and using a reliable security solution that notifies should the presence of commercial spyware programs aimed at invading privacy be found.
“If you think you are a victim of stalking and need help, contact a relevant organisation for professional advice. There are resources that can assist victims of domestic violence, dating violence, stalking and sexual violence,” the company advises.
For more information and assistance, contact the Coalition Against Stalkerware, which was formed by not-for-profit groups and IT security organisations: www.stopstalkerware.org.
Share