MonitorMinor stalkerware: Dangerous new Android malware

A class of spyware known as “stalkerware” is showing up more often in researcher data around the world. What differentiates stalkerware from ordinary spyware is that it specifically seeks to know a person’s location, record their audio and video interactions, and do other things a stalker might do, such as uncover personal addresses. Kaspersky researchers, namely Victor Chebyshev, are raising the alarm about a new type of stalkerware, dubbed MonitorMinor, that appears to run circles around the competition.

As Chebyshev writes in a report for Kaspersky Lab’s SecureList, MonitorMinor stalkerware is powerful with and without root access to Android devices. With root access, MonitorMinor can intercept all data in email providers like Gmail, a swath of social media platforms like Instagram and Facebook, communication platforms like Skype, and much, much more. Additionally, should MonitorMinor have root, it can extract the file /data/system/gesture.key from an infected device, which gives an attacker the data necessary to unlock it.

Without root access, as alluded to earlier, MonitorMinor can also do damage by using the accessibility services that are on most Android OS versions. Chebyshev asserts the following about MonitorMinor:

A keylogger function is also implemented in this app through this same API. That is, MonitorMinor’s reach is not limited to social networks and messengers: everything entered by the victim is automatically sent to the MonitorMinor servers. The app also monitors the clipboard and forwards the contents. The app also allows its owner to:

  • Control the device using SMS commands
  • View real-time video from the device’s cameras
  • Record sound from the device’s microphone
  • View browsing history in Chrome
  • View usage statistics for certain apps
  • View the contents of the device’s internal storage
  • View the contacts list
  • View the system log

Currently, MonitorMinor stalkerware is concentrated in the following countries: India, Mexico, Germany, Saudi Arabia, and the United Kingdom.
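
Because the non-root features described above depend on an enabled accessibility service, one defensive check is to list the accessibility services enabled on a device and single out those that do not belong to a system package. The Python below is an added example, not code from the article or from Kaspersky; it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -s`, and the sample output and the package name com.example.monitor are constructed.

```python
"""Flag enabled Android accessibility services that belong to non-system packages."""

def parse_enabled_services(settings_value):
    """Parse `settings get secure enabled_accessibility_services` output.

    The value is a colon-separated list of "package/class" component names;
    a class starting with "." is relative to the package name.
    """
    value = settings_value.strip()
    if not value or value == "null":  # setting unset: no service enabled
        return []
    services = []
    for entry in value.split(":"):
        entry = entry.strip()
        if not entry:
            continue
        package, sep, cls = entry.partition("/")
        if not sep or not package or not cls:
            raise ValueError(f"malformed component name: {entry!r}")
        if cls.startswith("."):
            cls = package + cls  # expand the short class form
        services.append((package, cls))
    return services

def parse_system_packages(pm_output):
    """Parse `pm list packages -s` output, one "package:<name>" per line."""
    prefix = "package:"
    return {line.strip()[len(prefix):]
            for line in pm_output.splitlines()
            if line.strip().startswith(prefix)}

def flag_third_party_services(settings_value, pm_output):
    """Return enabled accessibility services whose package is not a system package.

    The result is a review list, not a verdict: legitimate third-party
    accessibility apps are listed here as well.
    """
    system = parse_system_packages(pm_output)
    return [(pkg, cls) for pkg, cls in parse_enabled_services(settings_value)
            if pkg not in system]

# Constructed sample output, not taken from a real device.
SAMPLE_SETTINGS = ("com.google.android.marvin.talkback/"
                   "com.google.android.marvin.talkback.TalkBackService"
                   ":com.example.monitor/.InputWatchService\n")
SAMPLE_PM = "package:com.google.android.marvin.talkback\npackage:com.android.settings\n"

if __name__ == "__main__":
    for pkg, cls in flag_third_party_services(SAMPLE_SETTINGS, SAMPLE_PM):
        print(f"review: {pkg} -> {cls}")
```
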


Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating an informed society with regard to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
