Kaspersky No place to hide: super stalkerware reads messaging apps and can unlockmonitored devices

Kaspersky researchers have found a new sampleof stalkerware— commercial software that 
is usually used to secretly monitor users’ partners or colleagues— which has functionality 
that supersedes all previously found software. Named MonitorMinor, this software enables 
stalkers to covertly accessany data and track activity on devices they are surveying, as
well  as the most popular messaging services and social networks. 
The very essence of stalkerwarediscourages user privacy, putting many people’s personal 
information and personal lives at risk. If people’s data is being monitored and controlled,
the result is often non-cyber related consequences for the victims involved. However, the
creators of MonitorMinor even go through obfuscation of the application, demonstrating
that they are wellaware of the existence of anti-stalkerware tools and try to counter them.
Whileprimitive stalkerware uses geofencing technology, enabling the operatorto track the
victim’s location,and in most cases intercept SMS and call data, MonitorMinor goes a few
steps further.Recognizing the importance of messengers as a means of data collection, this
software aims to get access to data from all the most popular modern communication tools.
While, in a ‘clean’ Android operating system, direct communication between apps is
prevented by the sandbox, the situation can be changedif a superuser-type app (SU utility)
is installed, which grants root access to the system. Once this SU utility is installed, security
mechanisms of the device no longer exist. Using this utility, the creators of MonitorMinor
enable full access to data on a variety of popularsocial media and messaging applications
such as Hangouts, Instagram, Skype, Snapchat and others.
Furthermore, using root privileges, the stalkerware is able to access screen unlock
patterns, enabling the stalkerwareoperatorto unlock the devicewhen it is nearbyor when they next have physical access to the device. This is a unique feature which Kaspersky has
previously not identified in any mobile platform threats.
Even without root access, the stalkerwarecan operate effectively by abusing the
Accessibility Service API, which is designed to make devices friendly for users with disabilities. Using this API, the stalkerware is able to intercept any events in the
applications and broadcast live audio.
Otherfeatures available in this stalkerware givesoperators the ability to:
• Control devices using SMS commands
• View real-time video from device cameras
• Record sound from the device microphones
• View browsing history in Google Chrome
• View usage statistics for certain apps
• View the contents of adevice’s internal storage
• View contacts lists
• View system logs
“MonitorMinor is superior to other stalkerware in many aspects and implements all kinds of tracking features, some of which are unique, and is almost impossible to detect on the victim’s device. This particular application is incredibly invasive – it completely strips the victim of any privacy in using their devices, and even enables the attacker to retrospectively look into what the victims has been doing before,” comments Victor Chebyshev, Kaspersky research development team lead.
“Existence of such applications underlines the importance of protection from stalkerware and the need for joint effort in the fight for privacy. This is why it is important to highlight this application to our users which, in the hands of the abusers,could become the ultimate instrument for control. We have also pre-emptively shared information about this software with the Coalition AgainstStalkerware partners, to protect as many users as possible, as soon as we can.”
According to Kaspersky telemetry, India currently has the largest share of installations of this stalkerware (14.71%). Mexico (11.76%) is next, followed by Germany, Saudi Arabia, and the UK (5.88% in each country), as other countries that have seen the most use of this new type of stalkerware.
Read more about MonitorMinor on Securelist.com.
To minimize the risk offalling victim to a stalker, Kaspersky recommends the following advice:
• Blockthe installation of programs from unknown sources in your smartphone’s settings
• Never disclose the password or passcode to your mobile device, even if it is with someone you trust
• Change all security settings on your mobile device if you are leaving a relationship, such as passwords and applications location access settings. An ex may try to acquire your personal information in order to manipulate you
• Checkthe list of applications on your devices to find out if suspicious programs were installed without your consent
• Usea reliable security solution that notifies you about the presence of commercial spyware programs aimed at invading your privacy on your phone, such as Kaspersky Internet Security
• If you think you are a victim of stalking and need help, contact a relevant organization for professional advice
• There are resources that can assist victims of domestic violence, dating violence, stalking and sexual violence. If you have questions about stalkerware and would like assistance, please contact the Coalition against Stalkerware, formed by not-for-profit groups and IT security organizations:http://www.stopstalkerware.org/


شاهد أيضاً


Benha Electronics Company and Thales establish a Joint Venture on critical communication solutions

Benha Electronics Company and Thales have established a joint venture to bolster the manufacturing of …

اترك تعليقاً

لن يتم نشر عنوان بريدك الإلكتروني. الحقول الإلزامية مشار إليها بـ *