SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
New stalkerware tech wreaking havoc on personal privacy
Thu, 19th Mar 2020
FYI, this story is more than a year old

The areas of people's lives that cyber attacks can target are getting more all-encompassing, and the motivations for attacks can vary wildly. Stalkerware is a niche type of cyber attack which differs from usual attacks in that its motivations are usually not monetary.

It is a commercial software used to track and stalk victims using their own devices.

Often used by jealous ex-partners or otherwise manipulative participants in a relationship, stalkerware is not a new concept. But researchers at Kaspersky have found a new sample of it, which it says supersedes all previously found software.

Named MonitorMinor, this software enables stalkers to covertly access any data and track activity on devices they are surveying, as well as the most popular messaging services and social networks.

Primitive strains of stalkerware uses geofencing, which lets attackers track a victim's location and survey SMS and call data.

But MonitorMinor takes this technology further by infiltrating popular communication and messaging apps, giving attackers access to a much greater trove of personal information.

While, in a ‘clean' Android operating system, direct communication between apps is prevented by the sandbox, the situation can be changed if a superuser-type app (SU utility) is installed, which grants root access to the system.

Once this SU utility is installed, security mechanisms of the device no longer exist, according to Kaspersky.

Using this utility, the creators of MonitorMinor enable complete access to data on a messaging applications such as Hangouts, Instagram, Skype, Snapchat and others.

MonitorMinor also allows attackers the groundbreaking ability to access screen unlock patterns, granting access when they have physical access to the device no matter how strong the code or password is.

This is a unique feature which Kaspersky has previously not identified in any mobile platform threats.

Other key features allow attackers to:
  • Control devices using SMS commands
  • View real-time video from device cameras
  • Record sound from the device microphones
  • View browsing history in Google Chrome
  • View usage statistics for certain apps
  • View the contents of a device's internal storage
  • View contacts lists
  • View system logs.

“MonitorMinor is superior to other stalkerware in many aspects and implements all kinds of tracking features, some of which are unique, and is almost impossible to detect on the victim's device,” says Kaspersky research development team lead Victor Chebyshev.

“This particular application is incredibly invasive – it completely strips the victim of any privacy in using their devices, and even enables the attacker to retrospectively look into what the victims has been doing before.

“Existence of such applications underlines the importance of protection from stalkerware and the need for joint effort in the fight for privacy.

“This is why it is important to highlight this application to our users which, in the hands of the abusers, could become the ultimate instrument for control,” says Chebyshev.

“Our issue with stalkerware apps is not just their marketing, but their core functionality,” says Erica Olsen, Director of the Safety Net Project at the National Network to End Domestic Violence, a member organisation of the Coalition Against Stalkerware.

“Rampant stealth access, with no notifications to the user creates an app that is truly designed to illegally stalk or monitor another person.

“We should not minimise how invasive and abusive these apps can be. Regulations are needed to address the basic design features.

Kaspersky recommends taking these steps to prevent a stalkerware attack:
  • Block the installation of programs from unknown sources in your smartphone's settings
  • Never disclose the password or passcode to your mobile device, even if it is with someone you trust
  • Change all security settings on your mobile device if you are leaving a relationship, such as passwords and applications location access settings. An ex may try to acquire your personal information in order to manipulate you
  • Check the list of applications on your devices to find out if suspicious programs were installed without your consent
  • Use a reliable security solution that notifies you about the presence of commercial spyware programs aimed at invading your privacy on your phone.