Security experts from Kaspersky Lab spotted a new stalkerware, dubbed MonitorMinor
According to the experts, MonitorMinor is more powerful than all existing software of its family.
Stalkerware are able to gather the victim’s current
The sample we found (assigned the verdict Monitor
Experts discovered that the author of the stalkerware leverage the presence of the
“In a “clean” Android operating system, direct communication between apps is prevented by the sandbox, so stalkerware cannot simply turn up and gain access to, say, WhatsApp messages. This access model is called DAC (Discretionary Access Control).” reads the report published by Kaspersky.
“The situation changes if a SuperUser-type app (SU utility) is installed, which grants root access to the system.” “It is the presence of this utility that the creators of MonitorMinor are counting on.”
Once escalated privileges by running the SU utility, the malware gains full access to data in the following apps:
The persistence mechanism implemented by the malware is very efficient and leverages the root access. The stalkerware remounts the system partition from read-only to read/write mode, then copies itself to it, deletes itself from the user partition, and remounts it back to read-only mode.
Victims will not able to remove the spying software using regular OS tools.
MonitorMinor leverages the Accessibility Services API to intercept events in the controlled apps, even without root access it is able to operate effectively on all devices with this API.
The malware also implements a
The stalkerware also allows its owner to:
According to Kaspersky most of the installs of this stalkerware are in India (14.71%), followed by Mexico (11.76%), Germany, Saudi Arabia, and the UK (5.88%). Experts also noticed the presence of a Gmail account with an Indian name is
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.