A class of spyware known as “stalkerware” is showing up more often in researcher data around the world. What differentiates stalkerware from ordinary spyware is that it specifically seeks to learn a person’s location, record their audio and video interactions, and do other things a stalker might do, such as uncover personal addresses. Kaspersky researchers, namely Victor Chebyshev, are raising the alarm about a new type of stalkerware, dubbed MonitorMinor, that appears to run circles around the competition.
As Chebyshev writes in a report for Kaspersky Lab’s SecureList, MonitorMinor stalkerware is powerful both with and without root access to Android devices. With root access, MonitorMinor can intercept all data in email providers like Gmail, a swath of social media platforms like Instagram and Facebook, communication platforms like Skype, and much, much more. Additionally, if MonitorMinor has root, it can extract the file /data/system/gesture.key from an infected device, which gives an attacker the data needed to unlock it.
Without root access, as alluded to earlier, MonitorMinor can still do damage by using the accessibility services available on most Android OS versions. Chebyshev asserts the following about MonitorMinor:
A keylogger function is also implemented in this app through this same API. That is, MonitorMinor’s reach is not limited to social networks and messengers: everything entered by the victim is automatically sent to the MonitorMinor servers. The app also monitors the clipboard and forwards the contents. The app also allows its owner to:
- Control the device using SMS commands
- View real-time video from the device’s cameras
- Record sound from the device’s microphone
- View browsing history in Chrome
- View usage statistics for certain apps
- View the contents of the device’s internal storage
- View the contacts list
- View the system log
Currently, MonitorMinor stalkerware is concentrated in the following countries: India, Mexico, Germany, Saudi Arabia, and the United Kingdom.
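Because the non-root capabilities described above depend on an enabled accessibility service, a defender can audit which apps hold one. The following is an added example, not code from the Kaspersky report: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`, and flags apps that hold an accessibility service but were not installed by a trusted store. The sample data, the package names, and the choice of Google Play as the only trusted installer are assumptions made for illustration.

```python
# Added example: audit which apps hold an Android accessibility service.
# Inputs are the text output of two adb commands (samples below are constructed):
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
import re

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Google Play is the only trusted store

# Constructed sample data; package names are placeholders, not real indicators.
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.sideloaded/.SyncService"
)
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.sideloaded  installer=null
package:com.example.game  installer=com.android.vending
"""

def parse_services(raw):
    """Return the package names that own an enabled accessibility service."""
    raw = raw.strip()
    if not raw or raw == "null":          # setting unset: no services enabled
        return []
    # Entries are colon-separated ComponentNames of the form package/class.
    return [entry.split("/", 1)[0] for entry in raw.split(":") if entry]

def parse_installers(raw):
    """Map package name -> installer package (None when no installer is recorded)."""
    installers = {}
    for m in re.finditer(r"^package:(\S+)\s+installer=(\S+)$", raw, re.M):
        installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def audit(services_raw, packages_raw):
    """List (package, installer) pairs with an accessibility service and an untrusted source."""
    installers = parse_installers(packages_raw)
    findings = []
    for pkg in parse_services(services_raw):
        installer = installers.get(pkg)
        if installer not in TRUSTED_INSTALLERS:
            findings.append((pkg, installer))
    return findings

if __name__ == "__main__":
    for pkg, installer in audit(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print(f"review: {pkg} has an accessibility service, installer={installer}")
```

Preinstalled system apps can also report no installer, so each finding is a prompt for manual review rather than a verdict.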
Featured image: Pexels