SECURITY
SECURITY
SECURITY
Sophisticated new Russian spyware hides in functional fake apps
A new form of Android spyware embedded in functional fake apps is one of the most sophisticated ever seen, according to a new report today.
Discovered by cybersecurity researchers at Lookout Inc. and dubbed “Monokle,” the spyware is said to have been developed by Russia-based company Special Technology Centre Ltd., which was sanctioned by the U.S. government in connection to alleged interference in the 2016 presidential elections.
The spyware toolset, which is believed to have been developed as far back as 2015, was first observed in the wild in 2016, with infections peaking in 2018, but until recently it had not been identified.
The infection path for Monokle is trojanized versions of what are designed to look like legitimate apps. Following a recent trend in malware, the trojanized apps operate as intended, with the spyware operating in the background. That means the victims are not aware that they have malicious apps and because the apps work, they’re far less unlikely to uninstall them.
Many of the apps discovered by the researchers primarily targeted users in the Caucasus region and well as users in and around Syria, but some apps popular in the west were found copied and trojanized as well. Some of the fake apps found included those for Skype, Signal and Pornhub.
Once a user installs the fake but functional app, Monokle gets to work. In its first stage, the spyware enables so-called man-in-the-middle attacks by allowing those behind it to install their own malicious certificates on the infected device. That’s a unique feature, according to the researchers.
After that, Monokle’s features read like a shopping list of just about every known form of surveillance. The spyware can harvest and exfiltrate data from many popular applications; record users’ device screens to capture their PINs, patterns and passwords; steal contacts, call histories, browser histories and calendar information; record calls and local audio; capture user passwords of websites; retrieve emails, take screenshots, track the location of a device; and more.
“Monokle is a great example of the larger trend of enterprises and nation-states developing sophisticated mobile malware that we have observed over the years,” the researchers noted in a blog post.
Photo: Maxpixel
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
