Cyber Security Experts Just Discovered A New Trojan Targeting Android Users

Nation-state mobile attacks are on the rise, pressurizing countries, as well as enterprises, to build sufficient security infrastructure that protects against the growing threat of mobile surveillanceware. Pegasus, a spyware invading the operating system of Apple mobile devices, was discovered in 2016. Through a malicious link, Pegasus is able to read text messages, tracking calls, collecting passwords, and interfering with other activities on infected phones, thus compromising users’ privacy.

Mobile surveillanceware becomes more complicated as with the development of antivirus tools and malware detection software. Recently, Monokle appears as a great example of an advanced mobile malware that is described as “never seen in the wild before.”

Monokle was discovered by Lookout, a private IT security company based in California. It is a part of several targeted campaigns carried out by Russian firm Special Technology Center (STC), according to Lookout experts. The firm has been sanctioned by the US Government for having interference in the 2016 US Presidential Elections. 

How dangerous is Monokle?

Monokle was discovered by Lookout, a private IT security company based in California. It is part of several targeted campaigns carried out by the Russian firm Special Technology Center (STC), according to Lookout experts. The firm has been sanctioned by the US Government to have interference in the 2016 US Presidential Elections. 

As described, Monokle attacks targeted Android devices through counterfeit applications of Skype, Google Play, and more. Aiming to steal personal information, it compromises the devices’ passwords, PIN, or pattern during a screen unlock event. Novel techniques make it more effective to exfiltrate data from third-party apps without root access. Above that, the surveillanceware employs predictive-text dictionaries which interpret interested topics to a targeted device. 

Particularly, Monokle is found in a limited set of applications, implying that the malware attacks highly targeted devices. Users will have no doubt when downloading fake apps due to their legitimate functionality. 

For these capabilities, Monokle is posing a major security risk for Indian mobile users, including both iOS and Android devices, as said by a senior government official. 

About the Special Technology Center (STC)

In 2016, the Special Technology Center (STC) is supposed to provide material support for an alleged party that has interference in the 2016 US Governmental Elections. Specifically, the company has been supplying Radio Frequency (RF) and Unmanned Aerial Vehicles (UAVs) equipment for the Russian military, as well as other customers of the government. 

Through STC’s connection to its own antivirus software named Defender that Lookout recognized it as the developer of Monokle. STC also develops other Android security software, both offensive and defensive, that stands the chance of surveillance.