Monokle Surveillance fake Android apps

Canadian security firm Lookout has discovered yet another Russian-made surveillance campaign targeting Android users.

The firm detected a dangerous Android surveillance tool called Monokle, which was supposedly developed by the Russian defense contractor Special Technology Centre Ltd. (STC), based in St. Petersburg.

It is believed that STC played a crucial role in affecting the 2016 US Presidential elections by supplying the required material to the Russian intelligence agency GRU (Main Intelligence Directorate).

STC is known for producing UAVs (Unmanned Aerial Vehicles) and radio frequency measurement equipment. The firm was then sanctioned by President Obama for fueling Russia’s surveillance activities.

Lookout says that Monokle is highly sophisticated malware that “possesses remote access trojan (RAT) functionality.”

It uses advanced data exfiltration techniques to suck data from target devices by exploiting Android’s accessibility services. The tool can read the text displayed on the device’s screen at any point in time.

It can also be used to perform MITM attacks by installing attacker-specified certificates on the devices. Still, the firm notes that the Android surveillance tool is highly targeted in nature.

Lookout found that Monokle has been stuffed into a limited number of popular apps, including Pornhub, Google, Evernote, and Skype. The titles of these apps are mostly in English, with some in Arabic and Russian.

These apps can be used to reset a user’s PIN code, make and record phone calls, and record audio of the surroundings, among other operations, while hiding themselves from the process manager on the device.

The firm observed the first set of samples in March 2016. Since then, the malware activity has continued in very small amounts, reaching its peak in the first half of 2018.

Lookout said Monokle could have possibly targeted people in the Caucasus region and “individuals interested in Ahrar-al-Sham militant group in Syria, among others.” The firm believes that an iOS version of Monokle also exists.
