Experts at Lookout discovered a new Android mobile spyware in the wild, dubbed Monokle, that was developed by a Russian defense contractor named Special Technology Centre Ltd.
“Lookout has discovered a highly targeted mobile malware threat that uses a new and sophisticated set of custom Android
Special Technology Centre Ltd.
The list of functionalities implemented by the spyware includes:
The surveillance software abuses Android accessibility services to capture data from third party apps, including Google Docs, Facebook messenger, VK, Whatsapp,
If root access is available on the target device, the spyware installs
According to Lookout, the spyware is distributed through fake apps, some of which are related to specific interests or regions, this suggests that the malware was currently used in limited areas around the world. Most of the titles are in English with a handful in Arabic and Russian.
Recent samples of Monokle include the Xposed framework that allows Android users to apply modules to an Android device’s ROM
Much of the core malicious functionality implemented in the later samples of
“The functionality hidden in this DEX file includes all cryptographic functions implemented in the open source library spongycastle11, various e-mail protocols, extraction and exfiltration of all data, serialisation and deserialisation of data using the Thrift protocol, and rooting and hooking functionality, among others ” continues the report.
As anticipated, Monokle was developed by STC, the experts noticed that Monokle and the STC’s Android security suite called Defender are digitally signed with the same digital certificates and have the same C&C infrastructure.
“Command and control infrastructure that communicates with the Defender application
Researchers revealed that there is evidence that an iOS version of
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.