New ‘StrandHogg’ Android Vulnerability Being Under Active Exploitation
Last updated September 23, 2021
A stalkerware app named 'KidsGuard' leaked the data that it had exfiltrated from the targeted devices and then stored on an Alibaba storage bucket. The app can be secretly installed on someone else's phone, and then it can access the real-time location, text messages, photos, videos, browser history, and even record calls. Everything happens stealthily so that the targeted person does not know of it, and the data is uploaded onto the developer's (ClevGuard) cloud system. Unfortunately for everyone who was being monitored, ClevGuard misconfigured the Alibaba storage bucket for public access without a password, potentially exposing the exfiltrated data to malicious actors who are constantly on the lookout for such opportunities.
As the name suggests, 'KidsGuard' is supposed to be a stealthy way for concerned parents to keep an eye on the whereabouts of their children. However, and as it's often the case with stalkerware apps, it's also used by employers for monitoring personnel, as well as by people who want to catch cheating spouses. While the app offers both an Android and an iOS version, this particular leak seems to concern solely Android users. On Android, 'KidsGuard' hides under the name "System Update," pretending to be a system service so as users won't terminate it manually. There's no app icon, so the exfiltration process is adequately concealed.
Besides the data-stealing features described above, 'KidsGuard' is also capable of accessing user messages on WhatsApp, Viber, Facebook Messenger, and Instagram. Activities on widely-used dating apps, such as Tinder, can also be tapped by the app. When it comes to encrypted communications apps like Snapchat and Signal, which support the setting of timed message self-deletion, 'KidsGuard' simply takes screenshots. All this information is exposed now, but since the bucket didn't contain any contact details of the victims, there's no way to notify them.
There have been many cases of stalkerware leaking sensitive data, which resulted in legal action against them. Back in October 2019, the FTC banned Retina-X from selling their software, after the developer sustained multiple data breaches over the years. Obviously, these are all cases of unlawful privacy violations against the victims, and this is why these apps are never found on the Play Store.
To stay safe from the risk of having someone planting an app of this kind on your device, you can configure a new password, install a mobile security suite, and scrutinize all activities that run in the background.