Researchers at Lookout discovered a new mobile spyware dubbed
Monokle that was developed by a Russian defense contractor.
Experts at Lookout discovered a new Android mobile spyware in the wild, dubbed Monokle, that was developed by a Russian defense contractor named Special Technology Centre Ltd.
“Lookout has discovered a highly targeted mobile malware threat that uses a new and sophisticated set of custom Android
Special Technology Centre Ltd.
The list of functionalities implemented by the spyware includes:
- Track device location
- Get nearby cell tower info
- Retrieve accounts and associated passwords.
- Record audio and calls
- Suicide functionality and cleanup of staging files.
- Make screen recordings
- Retrieve browsing and call histories
- Take photos, videos, and screenshots
- Retrieve emails, SMSes, and Messages
- Steal contacts and calendar information
- Make calls and send text messages
- Execute arbitrary shell commands, as root, if root access is available
The surveillance software abuses Android accessibility services to capture data from third party apps, including Google Docs, Facebook messenger, VK, Whatsapp,
If root access is available on the target device, the spyware installs
According to Lookout, the spyware is distributed through fake apps, some of which are related to specific interests or regions, this suggests that the malware was currently used in limited areas around the world. Most of the titles are in English with a handful in Arabic and Russian.
Recent samples of Monokle include the Xposed framework that allows Android users to apply modules to an Android device’s ROM
Much of the core malicious functionality implemented in the later samples of
“The functionality hidden in this DEX file includes all cryptographic functions implemented in the open source library spongycastle11, various e-mail protocols, extraction and exfiltration of all data, serialisation and deserialisation of data using the Thrift protocol, and rooting and hooking functionality, among others ” continues the report.
As anticipated, Monokle was developed by STC, the experts noticed that Monokle and the STC’s Android security suite called Defender are digitally signed with the same digital certificates and have the same C&C infrastructure.
“Command and control infrastructure that communicates with the Defender application
Researchers revealed that there is evidence that an iOS version of
The post Android Spyware Monokle, developed by Russian defense contractor, used in targeted attacks appeared first on Security Affairs.