According to Kaspersky Lab, the number of mobile device users in Russia attacked by stalker programs (stalkerware) tripled in 2019 compared with the previous year. Overall, attacks on the personal data of mobile device users became one and a half times more frequent, rising from 40,386 unique attacked users in 2018 to 67,500 in 2019.
The term stalkerware refers to commercial spyware that is positioned as legal. It provides access to personal data stored on other users' smartphones and tablets. Such software is, as a rule, used for covert surveillance of other people, including by perpetrators of domestic violence, and therefore carries serious risks for those on whose devices it is installed.
Analysts write that although there are no such applications in the Google Play catalog, their developers support them very actively. As a rule, these are commercial solutions with rich espionage capabilities. On a compromised device, they can collect almost any data: photos (both the entire archive and specific pictures, for example, those taken in a given location), phone calls, SMS, location information, screen taps (keylogging) and so on.
Many applications of this kind use root privileges to extract the history of correspondence in social networks and instant messengers from protected system storage. If the required access cannot be obtained, stalker software can take screenshots, track screen taps and even extract the text of incoming and outgoing messages from the windows of the most popular instant messengers using Accessibility. Researchers cite the commercial spyware Monitor Minor as an example.
The developers of the commercial spyware FinSpy went even further by adding the ability to intercept correspondence from protected instant messengers (Signal, Threema, etc.) to their application. To guarantee interception, the application obtains root privileges on its own by exploiting the vulnerability CVE-2016-5195 (Dirty Cow). The bet is that the victim uses an old device with an old operating system kernel, where the exploit works and elevates privileges to root.
Overall, in 2019 adware featured among the threats to mobile users' privacy alongside stalker programs. As a result of attacks by such malware, a person's confidential information can end up on third-party servers without their consent. In addition, an infected mobile device often becomes almost impossible to use because of too many pop-up banners. To collect personal data last year, cybercriminals also actively exploited the capabilities of the Google Accessibility Service, a service designed to facilitate the use of applications by people with special needs.
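Two points above (these apps are not in Google Play, and they rely on Accessibility) combine into a device triage check, shown here as an added example that is not part of the Kaspersky report. It flags enabled Accessibility services whose package is neither preinstalled nor installed by Google Play; the `com.example.*` packages and all sample data are constructed.

```python
# Added example. Inputs are the text output of these adb commands:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i   (installer)   /   pm list packages -s   (system)
PLAY_INSTALLER = "com.android.vending"

def parse_services(raw):
    """Split the colon-separated 'package/class' list; empty or 'null' means none."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    return [tuple(item.split("/", 1)) for item in raw.split(":") if "/" in item]

def parse_packages(pm_output):
    """Map package name -> installer (None when absent or reported as 'null')."""
    packages = {}
    for line in pm_output.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        name = fields[0][len("package:"):]
        installer = None
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field[len("installer="):]
        packages[name] = installer
    return packages

def sideloaded_accessibility(services_raw, installers_raw, system_raw):
    """Return (package, service, installer) for enabled services that belong to
    apps which are neither preinstalled nor installed by Google Play."""
    installers = parse_packages(installers_raw)
    system = set(parse_packages(system_raw))
    findings = []
    for package, service in parse_services(services_raw):
        installer = installers.get(package)
        if package not in system and installer != PLAY_INSTALLER:
            findings.append((package, service, installer))
    return findings

# Constructed sample data (not from the article); com.example.* names are hypothetical.
SAMPLE_SERVICES = ("com.google.android.marvin.talkback/"
                   "com.google.android.marvin.talkback.TalkBackService:"
                   "com.example.reader/.ReadAloudService:"
                   "com.example.sysupdate/.CoreService")
SAMPLE_INSTALLERS = ("package:com.google.android.marvin.talkback  installer=null\n"
                     "package:com.example.reader  installer=com.android.vending\n"
                     "package:com.example.sysupdate  installer=null\n")
SAMPLE_SYSTEM = "package:com.google.android.marvin.talkback\n"
```

A finding is a prompt for manual review, not proof of stalkerware: legitimately sideloaded apps and apps from other stores are flagged too.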
The researchers' report also notes that by the end of 2019, Russia was in first place in the world in the number of users attacked by mobile banking Trojans. This has been the case for the third year in a row, but at least one of the families, Asacub, has reduced its activity.
Over the past 12 months, cybercriminals have used several methods to spread mobile financial threats. Firstly, they planted Trojans in official application stores under the guise of legitimate programs. Secondly, they sent spam to the contact list of an already infected mobile device. Thirdly, the traditional scheme of sending spam via SMS messages using social engineering methods was still in use.
“In 2019, the number of attacks aimed at collecting personal information has significantly increased, and mobile threats aimed at user finances are still active. A serious risk is the development of stalker software, which, although it is positioned as legal, allows you to monitor the victim and collect information about her. From a technical point of view, these programs are as developed as malicious ones,” comments Viktor Chebyshev, an antivirus expert at Kaspersky Lab.