Kaspersky reveals dangers of MonitorMinor Stalkerware

India has the largest share of installations of stalkerware with a rate of 14.71 per cent, and MonitorMinor is one of the most dangerous spying apps for Android out there.

The reason why it is harmful is that --using stalkerware isn't just unethical. It is inherently unsafe too. The first point hardly requires further explanation. As for the second, the problem is this: Spying apps steal vast amounts of confidential data from devices and send it over the Internet, and their creators care not a jot about protecting it.

How the data is stored or transmitted to the command-and-control (C & C) server isn't generally known. Consequently, it is impossible to predict how many people might gain access to it. Given the rapid development of stalkerware functionality, the data gathered by stalkerware being re-stolen or leaked can become an even bigger headache for the victims than the attacker's initial aim of tracking their movements.

What is MonitorMinor stalkerware capable of?

The recently discovered Android stalkerware MonitorMinor shows what modern spying apps are capable of. In our assessment, it is one of the most powerful smartphone-tracking tools currently in existence. Its abilities include enabling attackers to remotely control the device, record sound and video from the camera and microphone, and steal the contact list, messages, and device PIN or unlock pattern.

What can it do?

First, such software might have been installed at the factory. Second, the smartphone could be infected with rooting malware. Third, someone who wants to spy on you might manually root the device if they gain physical access to it.

Once MonitorMinor gets root permissions, it cannot be removed using regular system tools, even if the victim somehow manages to detect it. Worse, in addition to being virtually unremovable, the stalkerware can gain access to data in messenger apps, social networks, e-mail clients, and other applications. The list of apps from which MonitorMinor can steal data includes Gmail, Facebook, Instagram, Viber, Skype, and Snapchat.

If it cannot obtain superuser privileges, MonitorMinor proceeds to plan B and uses a suite of regular Android functions known as Accessibility. Developed for people with disabilities, this set of features is very popular with malware creators.

The reason is that Accessibility enables malware to swipe everything displayed on the smartphone screen such as messages and banking app details, tap buttons, copy user-entered text and the clipboard contents, and so on.

Affected regions:

According to KSN statistics, India currently has the largest share of installations of this stalkerware (14.71 per cent). In addition, a Gmail account with an Indian name is stitched into the body of MonitorMinor, which hints at its country of origin.

That said, we also discovered control panels in Turkish and English. The second country in terms of usage is Mexico (11.76 per cent), followed by Germany, Saudi Arabia, and the UK (5.88 per cent), separated by only a few thousandths of one per cent.

How to guard against MonitorMinor:

If someone is intent on injecting MonitorMinor into your smartphone, it is quite difficult to prevent. However, you can make the task more complicated:

* Lock your smartphone with a strong password.

* Be extremely wary of apps that request access to accessibility.

* Block the installation of software from third-party sources (or rather, because Android blocks that by default, never allow it).

* Install a reliable security solution. For example, Kaspersky Internet Security for Android detects spying apps and warns users about them.