sb-eu logo
Story image

New stalkerware tech wreaking havoc on personal privacy

19 Mar 2020

The areas of people’s lives that cyber attacks can target are getting more all-encompassing, and the motivations for attacks can vary wildly. Stalkerware is a niche type of cyber attack which differs from usual attacks in that its motivations are usually not monetary.

It is a commercial software used to track and stalk victims using their own devices.

Often used by jealous ex-partners or otherwise manipulative participants in a relationship, stalkerware is not a new concept. But researchers at Kaspersky have found a new sample of it, which it says supersedes all previously found software. 

Named MonitorMinor, this software enables stalkers to covertly access any data and track activity on devices they are surveying, as well as the most popular messaging services and social networks.

Primitive strains of stalkerware uses geofencing, which lets attackers track a victim’s location and survey SMS and call data.

But MonitorMinor takes this technology further by infiltrating popular communication and messaging apps, giving attackers access to a much greater trove of personal information.

While, in a ‘clean’ Android operating system, direct communication between apps is prevented by the sandbox, the situation can be changed if a superuser-type app (SU utility) is installed, which grants root access to the system. 

Once this SU utility is installed, security mechanisms of the device no longer exist, according to Kaspersky.

Using this utility, the creators of MonitorMinor enable complete access to data on a messaging applications such as Hangouts, Instagram, Skype, Snapchat and others.

MonitorMinor also allows attackers the groundbreaking ability to access screen unlock patterns, granting access when they have physical access to the device no matter how strong the code or password is.

This is a unique feature which Kaspersky has previously not identified in any mobile platform threats.

Other key features allow attackers to:
  • Control devices using SMS commands
  • View real-time video from device cameras
  • Record sound from the device microphones
  • View browsing history in Google Chrome
  • View usage statistics for certain apps
  • View the contents of a device’s internal storage
  • View contacts lists
  • View system logs.

“MonitorMinor is superior to other stalkerware in many aspects and implements all kinds of tracking features, some of which are unique, and is almost impossible to detect on the victim’s device,” says Kaspersky research development team lead Victor Chebyshev.

“This particular application is incredibly invasive – it completely strips the victim of any privacy in using their devices, and even enables the attacker to retrospectively look into what the victims has been doing before.

“Existence of such applications underlines the importance of protection from stalkerware and the need for joint effort in the fight for privacy. 

“This is why it is important to highlight this application to our users which, in the hands of the abusers, could become the ultimate instrument for control,” says Chebyshev.

“Our issue with stalkerware apps is not just their marketing, but their core functionality,” says Erica Olsen, Director of the Safety Net Project at the National Network to End Domestic Violence, a member organisation of the Coalition Against Stalkerware.

“Rampant stealth access, with no notifications to the user creates an app that is truly designed to illegally stalk or monitor another person. 

“We should not minimise how invasive and abusive these apps can be. Regulations are needed to address the basic design features.”

Kaspersky recommends taking these steps to prevent a stalkerware attack:
  • Block the installation of programs from unknown sources in your smartphone’s settings
     
  • Never disclose the password or passcode to your mobile device, even if it is with someone you trust
     
  • Change all security settings on your mobile device if you are leaving a relationship, such as passwords and applications location access settings. An ex may try to acquire your personal information in order to manipulate you
     
  • Check the list of applications on your devices to find out if suspicious programs were installed without your consent
     
  • Use a reliable security solution that notifies you about the presence of commercial spyware programs aimed at invading your privacy on your phone.
Story image
Months on, many organisations still don't have secure remote access - report
The report analyses the extent to which businesses were prepared for the sudden shift into remote working due to COVID-19 restrictions, and analyses how organisations have adjusted to support remote workers amidst the COVID-19 pandemic. More
Story image
Intel creates 10th Gen vPro processors for 'next generation of business computing'
“Built for business, the Intel vPro platform is a comprehensive PC foundation for performance, hardware-enhanced security, manageability and stability,” says Intel.More
Story image
Endace and Palo Alto Networks launch integration to empower security teams
“The combination of Cortex XSOAR’s powerful orchestration and automation capabilities with the rich network history recorded by the EndaceProbe Analytics Platform gives security operations access to the conclusive forensic evidence they need to respond quickly and accurately to threats.” More
Story image
Sophos and Arcserve bolster alliance with two new solutions
The new solutions combine anti-ransomware and other threat-protection tech with immutable backup and disaster recovery capabilities.More
Story image
Q1 2020 sees more data breaches than ever before
8.4 billion documents were leaked in the first three months of 2020, smashing records and setting a sombre tone for the year.More
Story image
Zscaler buys Edgewise, with its sight set on zero-trust
The acquisition indicates Zscaler's path towards improving the security of east-west communication, as well as its quest to achieve a zero-trust environment.More