Lookout, the security agency of Canada, has discovered Russian-made mobile surveillanceware targeting Android users.
Lookout discovered this dangerous Android surveillance tool, called “Monokle”, which was developed by a Russian-based company, Special Technology Centre Ltd. (STC), in St. Petersburg.
According to Lookout, STC played an important role in affecting the 2016 US presidential election by providing material support to the GRU, a Russian intelligence agency. STC is mainly known for making unmanned aerial vehicles (UAVs) and equipment for measuring radio frequency.
Monokle has remote access trojan (RAT) functionality. It uses an advanced data exfiltration technique to use up the mobile data by exploiting the accessibility service. This tool can also read all the text shown on the mobile screen at any point in time.
It can also install an attacker-specified certificate on the targeted device to perform a MITM (man-in-the-middle) attack.
Monokle has been found integrated into a limited number of popular apps such as Pornhub, Evernote, Skype, Google, ES File Explorer, Android Browser, etc. The titles of these apps are mostly written in English, and some are in Arabic and Russian.
STC can use these apps to reset a user’s PIN code, record calls, make outgoing calls, record background audio, take photos, videos and screenshots, log passwords, track device location, restart the device, delete arbitrary files, etc. Monokle can perform all these tasks without getting caught. This tool can also completely remove itself from the infected phone without leaving any trace of its presence.
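Because the tool rides inside repackaged popular apps and depends on the accessibility service, a defender can audit which enabled accessibility services belong to third-party packages that were not installed from a trusted store. The following is an added example, not code from Lookout or from this article; it assumes the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -3 -i` has been captured as text, uses constructed sample data, and treats "not installed by the Play Store" as a triage heuristic rather than a Monokle signature.

```python
import re

PLAY_STORE = "com.android.vending"

# Constructed sample output; not taken from a real device or from the Lookout report.
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.fileexplorer/com.example.fileexplorer.HelperService"
)
SAMPLE_PACKAGES = (
    "package:com.example.fileexplorer  installer=null\n"
    "package:com.example.notes  installer=com.android.vending\n"
)

def parse_services(raw):
    """Split the colon-separated component list into (package, class) pairs."""
    raw = raw.strip()
    if not raw or raw == "null":  # 'null' means no service is enabled
        return []
    pairs = []
    for component in raw.split(":"):
        package, _, cls = component.strip().partition("/")
        if package:
            pairs.append((package, cls))
    return pairs

def parse_installers(raw):
    """Map each third-party package to its installer (None if sideloaded)."""
    installers = {}
    pattern = r"^package:(\S+)[ \t]+installer=(\S+)[ \t\r]*$"
    for match in re.finditer(pattern, raw, re.M):
        installer = match.group(2)
        installers[match.group(1)] = None if installer == "null" else installer
    return installers

def flag_services(services_raw, packages_raw, trusted=(PLAY_STORE,)):
    """Return enabled accessibility services owned by untrusted-source packages."""
    installers = parse_installers(packages_raw)
    findings = []
    for package, cls in parse_services(services_raw):
        if package not in installers:
            continue  # pre-installed/system package: outside this heuristic
        if installers[package] not in trusted:
            findings.append({"package": package, "service": cls,
                             "installer": installers[package]})
    return findings

if __name__ == "__main__":
    for finding in flag_services(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print("review:", finding)
```

Each finding is a lead for manual review of that app's signing certificate and requested permissions, not a verdict.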
Monokle was first discovered in activity in March 2016. After that, it continued its activities, but in small amounts. In the first of 2018, the activity of this malware reached its peak. The security agency also believes that STC has created Monokle for the iOS platform as well.