Security Market Segment LS
Thursday, 19 March 2020 10:22

MonitorMinor: maker claims it's for parental control, Kaspersky calls it stalkerware Featured

MonitorMinor: maker claims it's for parental control, Kaspersky calls it stalkerware Image by Shutterbug75 from Pixabay

A company that creates and sells software known as MonitorMinor has denied that the product falls into the category of stalkerware — which is used to track people — and only meant for use by parents who want to keep their children safe.

Security firm Kaspersky Lab had claimed in a blog post that MonitorMinor had too many features to be classed as a parental control app and was able to track too many services for it to be classified as such.

A MonitorMinor spokesperson told iTWire, in reply to a query, that the software had helped some parents in keeping their children away from drug use.

Kaspersky's Victor Chebyshev said the usual functionality of stalkerware was to transmit the victim's geolocation, adding that there were many such stalkerware apps with the creators often using geofencing technology.

This meant "a notification about the victim’s movements is sent only if they go beyond (or enter) a particular area. In some cases, functions to intercept SMS and call data (spyware that’s able to log them is much less common) are added to the geolocation transmission".

He pointed out, given that SMS was mostly used for receiving one-time passwords, this niche had been taken over by messenger apps which even facilitated business negotiations.

"Moreover, they claim to be an alternative to 'traditional' voice communication. So any software with tracking/spying functionality worth its salt must be able to intercept data from messengers," he wrote. "The sample we found (assigned the verdict Monitor.AndroidOS.MonitorMinor.c) is a rare piece of monitoring software that could be used for stalking purposes that can do this."

He listed MonitorMinor as being able to gain full access to data in the following apps once its privileges were escalated:

  • LINE: Free Calls & Messages
  • Gmail
  • Zalo – Video Call
  • Instagram
  • Facebook
  • Kik
  • Hangouts
  • Viber
  • Hike News & Content
  • Skype
  • Snapchat
  • JusTalk

The MonitorMinor spokesperson said for installation of the app, one needed to have physical access to the mobile phone in question. One also needed to unlock the phone in order to install the application and remote installation was not possible. Further, before using a service, verification of email ID was mandatory.

But Chebyshev wrote: "When MonitorMinor acquires root access, it remounts the system partition from read-only to read/write mode, then copies itself to it, deletes itself from the user partition, and remounts it back to read-only mode.

"After this 'castling' move, the application cannot be removed using regular OS tools. Sure, the option to escalate privileges is not available on all devices, and without root one might assume that the software would be less effective. But not if it’s MonitorMinor."

He said MonitorMinor used Google's Accessibility Services API to intercept events in the apps listed above. "Put simply, even without root, MonitorMinor is able to operate effectively on all devices with Accessibility Services (which means most of them)."

The MonitorMinor spokesperson said: "We try our best and regularly take steps to avoid any misuse of product, [a] recent example of that is 'asking confirmation of purpose' along with aggressive response policy towards 'Violation/abuse' report and many more. We also believe our content on [our] website clearly explain[s] [the] product without misleading the users.

"We consider our software as [a] parental monitoring tool, not as 'stalkerware'."

Chebyshev said the MonitorMinor app also had a keylogger function implemented through the same API.

"That is, MonitorMinor’s reach is not limited to social networks and messengers: everything entered by the victim is automatically sent to the MonitorMinor servers. The app also monitors the clipboard and forwards the contents.

"The app also allows its owner to:

  • "Control the device using SMS commands;
  • "View real-time video from the device’s cameras;
  • "Record sound from the device’s microphone;
  • "View browsing history in Chrome;
  • "View usage statistics for certain apps;
  • "View the contents of the device’s internal storage;
  • "View the contacts list; and
  • "View the system log."

Chebyshev acknowledged that the MonitorMinor licence "clearly states that users of the application are not allowed to use it for silent monitoring of another person without written consent. Moreover, the authors of the agreement warn that in some countries such actions may be subject to investigation by law enforcement agencies. So, formally, it is hard to deny that the developers of this application took steps to provide information about the potential consequences of unlawful usage of the app".

But he said there was another side to this. "...we can’t see how this information can help potential targets of stalkers that would decide to use this app. It is very intrusive and is able to exist on the target’s device without being visible to its owner, and it can silently harvest practically every bit of the target’s personal communications.

"Due to the powerful characteristics of this app, we decided to draw attention to it and inform those who defend people from stalkerware of the potential threat it poses. This is not just another parental control application."

WEBINAR event: IT Alerting Best Practices 27 MAY 2PM AEST

LogicMonitor, the cloud-based IT infrastructure monitoring and intelligence platform, is hosting an online event at 2PM on May 27th aimed at educating IT administrators, managers and leaders about IT and network alerts.

This free webinar will share best practices for setting network alerts, negating alert fatigue, optimising an alerting strategy and proactive monitoring.

The event will start at 2pm AEST. Topics will include:

- Setting alert routing and thresholds

- Avoiding alert and email overload

- Learning from missed alerts

- Managing downtime effectively

The webinar will run for approximately one hour. Recordings will be made available to anyone who registers but cannot make the live event.



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments