Kaspersky Lab found the MonitorMinor app, a hit on Google Playstore to be actually a stalkware which not only infects an android device with spyware but also starts stealing data from social networking apps and messaging app downloaded onto the device. Researchers have found that the app is seen stealing data from Gmail, Facebook, Skype and Snapchat along with Instagram.
MonitorMinor which is basically a child monitoring application meant to track down the activity on a child’s phone was also caught by researchers leveraging SU rights which then helps it to steal data in an easy way after it gains the SuperUser(SU) utility on the infected Android device.
Furthermore, as the app had the feature of exploiting Accessibility Services, it had the ability to manipulate the events from the installed app.
As Stalkware programs help hackers to learn more about the infected device creating a conducive interface for identity theft, security analysts are labeling them as a serious threat to both users and organizations.
Therefore, the need for organizations to stay safe by deploying Unified Endpoint Management (UEM) seems to be the only solution to acknowledge such threats. At the same time creating awareness among employees might also help as most of such threats can be neutralized from the root level by doing so say, experts. And this can be done by using password management apps and by changing lock screen credentials on an occasional note.
Note- MonitorMinor is not the only app that has been labeled as a Stalkware. In Aug’19 researchers from ESET also discovered that Android/Spy.Agent.AOX was also seen spying on those who downloaded it and was seen using the AhMyth Open source espionage tool to gain attack potential. Moreover, on 2 occasions the spyware was seen infiltrating the Playstore at the time of discovery. In Dec’19 an app named FlexiSPY was also caught by a team of experts from Juniper- exfiltrating data from a victim’s Gmail account like GPS location, browsing activity and such. Also in Feb’2020, researchers from TechCrunch also found that an app named KidsGuard was also seen accessing the info and monitoring everything on a target device.
