Rare Android Stalkerware Can Steal Data, Control Devices
A recently discovered piece of Android stalkerware can install itself persistently on the system partition and steal the file containing the hash sum for the screen unlock pattern or password, allowing its operators to unlock devices.
Referred to as MonitorMinor, the stalkerware targets communication applications, including LINE, Gmail, Zalo, Instagram, Facebook, Kik, Hangouts, Viber, Hike News & Content, Skype, Snapchat, JusTalk, and BOTIM, to intercept victims' conversations. Given that Android sandboxes applications to prevent direct communications between them - this feature is called DAC, or Discretionary Access Control - MonitorMinor requires root access to bypass the security system and perform nefarious activities.
On top of that, the stalkerware includes a keylogger function implemented through the same API, which ensures that anything that the victim types on the device is sent to the cybercriminals.
Through MonitorMinor, the attackers can control the device using SMS commands, view real-time video from the device's cameras, record sound from the device's microphone, view browsing history in Chrome and usage statistics for certain apps, and access the device's internal storage, contacts list, and system log.
"MonitorMinor is superior to other stalkerware in many aspects. It implements all kinds of tracking features, some of which are unique, and is almost impossible to detect on the victim's device. If the device has root access, its operator has even more options available. For example, they can retrospectively view what the victim has been doing on social networks," the security firm concluded.