MonitorMinor stalkerware: Dangerous new Android malware

By /

A class of spyware known as “stalkerware” is starting to show up more in researcher data around the world. The basic idea behind stalkerware, and what differentiates it from normal spyware, is that it specifically seeks to know a person’s location, record their audio and video interactions, and other things a stalker might do like uncover personal addresses and the like. Kaspersky researchers, namely Victor Chebyshev, are raising the alarm about a new type of stalkerware, dubbed MonitorMinor, that appears to run circles around the competition.

As Chebyshev writes in a report for Kaspersky Lab’s SecureList, MonitorMinor stalkerware is powerful with and without root access to Android devices. With root access, MonitorMinor can intercept all data in email providers like Gmail, a swath of social media platforms like Instagram and Facebook, communication platforms like Skype, and much, much more. Additionally, should MonitorMinor have root, it can extract the file /data/system/gesture.key from an infected device which allows an attacker to have the necessary data to unlock it.

Without root access, as alluded to earlier, MonitorMinor can also do damage. Using the accessibility services that are on most Android OS versions, Chebyshev asserts the following about MonitorMinor:

A keylogger function is also implemented in this app through this same API. That is, MonitorMinor’s reach is not limited to social networks and messengers: everything entered by the victim is automatically sent to the MonitorMinor servers. The app also monitors the clipboard and forwards the contents. The app also allows its owner to:

  • Control the device using SMS commands
  • View real-time video from the device’s cameras
  • Record sound from the device’s microphone
  • View browsing history in Chrome
  • View usage statistics for certain apps
  • View the contents of the device’s internal storage
  • View the contacts list
  • View the system log

Currently, MonitorMinor stalkerware is concentrated in the following countries: India, Mexico, Germany, Saudi Arabia, and the United Kingdom.

Featured image: Pexels

About The Author

Derek Kortepeter is a graduate of UCLA and tech journalist. Kortepeter specializes in areas such as cyber defense, privacy rights, cyber warfare, and governmental InfoSec policy.

Read Next

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top