Using stalkerware isn’t just unethical, it’s inherently unsafe. The first point hardly requires further explanation. As for the second, the problem is this: Spying apps steal vast amounts of confidential data from devices and send it over the Internet, and their creators care not a jot about protecting it.
How the data is stored or transmitted to the command-and-control (C&C) server isn’t generally known. Consequently, it is impossible to predict how many people might gain access to it. Given the rapid development of stalkerware functionality, the data gathered by stalkerware being re-stolen or leaked can become an even bigger headache for victims than the attacker’s initial aim of tracking their movements.
What is MonitorMinor stalkerware capable of?
The recently discovered Android stalkerware MonitorMinor shows what modern spying apps are capable of. In our assessment, it is one of the most powerful smartphone-tracking tools currently in existence. Its abilities include enabling attackers to remotely control the device, record sound and video from the camera and microphone, and steal the contact list, messages, and device PIN or unlock pattern.
Although it is positioned as a parental control app, MonitorMinor may be used to secretly monitor family members or colleagues —in other words, for stalking. The license agreement, which is available on the website from which the application is distributed, clearly states that users of the application are not allowed to use it for silent monitoring of another person without written consent. Yet we can’t see how that helps potential targets of stalkers who used the app anyway.
The app is very intrusive and can exist on the target’s device without being visible to its owner, and it can silently harvest practically every bit of the target’s personal communications. We decided to draw attention to the app because of its power and inform those who defend people from stalkerware of the potential threat it poses. This is not just another parental control application.
As usual, the most vulnerable users are those who have used an application to obtain superuser privileges on their device. With that level of access, MonitorMinor has no trouble at all entrenching itself in the system. But don’t think that if you didn’t root your device, you have nothing to worry about.
First, such software might have been installed at the factory. Second, the smartphone could be infected with rooting malware. Third, someone who wants to spy on you might manually root the device if they gain physical access to it.
Once MonitorMinor gets root permissions, it cannot be removed using regular system tools, even if the victim somehow manages to detect it. Worse, in addition to being virtually unremovable, the stalkerware can gain access to data in messenger apps, social networks, e-mail clients, and other applications. The list of apps from which MonitorMinor can steal data includes Gmail, Facebook, Instagram, Viber, Skype, and Snapchat.
If it cannot obtain superuser privileges, MonitorMinor proceeds to plan B and uses a suite of regular Android functions known as Accessibility. Developed for people with disabilities, this set of features is very popular with malware creators.
The reason is that Accessibility enables malware to swipe everything displayed on the smartphone screen (such as messages and banking app details), tap buttons, copy user-entered text and the clipboard contents, and so on.
How to guard against MonitorMinor
If someone is intent on injecting MonitorMinor into your smartphone, it is quite difficult to prevent. However, you can make the task more complicated:
- Lock your smartphone with a strong password.
- Be extremely wary of apps that request access to Accessibility.
- Block the installation of software from third-party sources (or rather, because Android blocks that by default, never allow it).
- Install a reliable security solution. For example, Kaspersky for Android detects spying apps and warns users about them.