Monokle

The point of a security firm is to act as a “lookout” for anything detrimental to a system or platform. There is a company called Lookout that offers several products and services, such as the Lookout app, business mobile security, and other related services. We haven’t featured the service lately, but this week we’re learning about a new piece of mobile surveillanceware that we know is questionable. Lookout has shared that it discovered something developed by the Special Technology Center. The latter is a Russian defense contractor, so people are urged to be more careful.

Called Monokle, this “surveillanceware” is a set of custom Android tools. What’s more interesting is that the company behind it, the Special Technology Center, was once penalized (sanctioned) by the US government. It was connected to interference during the last presidential elections in the country.

Monokle is said to have remote access trojan (RAT) functionality. It is advanced in the sense that it can install an attacker-specified certificate in the device’s trusted store, which then lets it perform man-in-the-middle (MITM) attacks. It also makes use of advanced data exfiltration techniques. These attacks may be serious, but there is no related report of them yet.

Mobile surveillanceware is now said to be used in highly targeted attacks. It is simply mobile malware that can affect many areas of a smartphone. It can steal personal data from an infected phone and then send it to a command-and-control system. It is considered advanced because it uses existing methods users may not be familiar with. It can install an attacker-specified certificate, and it can also record the phone’s screen and read the predictive-text dictionaries.

Monokle now appears in some Android apps. They are very limited in number, though, which means the victims may be highly targeted. Some of the apps have also been trojanized, so their functions and responses may appear normal.