Experts at Lookout discovered a new Android mobile spyware in the wild, dubbed Monokle, that was developed by a Russian defense contractor named Special Technology Centre Ltd.
“Lookout has discovered a highly targeted mobile malware threat that uses a new and sophisticated set of custom Android
Special Technology Centre Ltd.
The list of functionalities implemented by the spyware includes:
The surveillance software abuses Android accessibility services to capture data from third party apps, including Google Docs, Facebook messenger, VK, Whatsapp,
If root access is available on the target device, the spyware installs
According to Lookout, the spyware is distributed through fake apps, some of which are related to specific interests or regions, this suggests that the malware was currently used in limited areas around the world. Most of the titles are in English with a handful in Arabic and Russian.
Recent samples of Monokle include the Xposed framework that allows Android users to apply modules to an Android device’s ROM
Much of the core malicious functionality implemented in the later samples of
“The functionality hidden in this DEX file includes all cryptographic functions implemented in the open source library spongycastle11, various e-mail protocols, extraction and exfiltration of all data, serialisation and deserialisation of data using the Thrift protocol, and rooting and hooking functionality, among others ” continues the report.
As anticipated, Monokle was developed by STC, the experts noticed that Monokle and the STC’s Android security suite called Defender are digitally signed with the same digital certificates and have the same C&C infrastructure.
“Command and control infrastructure that communicates with the Defender application
Researchers revealed that there is evidence that an iOS version of