
Monokle

Posted: August 1, 2019

Monokle is spyware that leverages multiple sophisticated attacks for collecting information from Android devices. Monokle's operators are believed to be a Russian state-sponsored entity, and its campaigns focus on exfiltrating information from political dissidents and other high-priority targets in Caucasia. Users should protect their devices with appropriate anti-malware solutions that delete Monokle automatically, and should change any compromised credentials after an attack.

The Monocle through which a Spy is Peering

In a particularly ironic twist, a long-running spyware operation links back to an anti-virus company operating out of St. Petersburg, Russia. Monokle is spyware and a Remote Access Trojan (RAT) that includes a rainbow's worth of features for monitoring Android phones and collecting their information. While its symptoms on a victim's device are minimal, Monokle's operators did not cover their technical tracks as well: the Trojan's certificates and server infrastructure point a suggestive finger at Special Technology Centre Limited.

Monokle is spreading through harmful and compromised applications that are just as broadly diverse as its payload's attacks. Examples include downloads with English, Russian, and Arabic names, such as Блокировка Камеры, Skype, UzbekChat, Videoder Video Downloader, ES File Explorer, and many others. This 'shotgun blast' approach is a tactic that malware experts rarely see in state-sponsored espionage; it is more typical of for-profit black hat operations.

Some of Monokle's attacks are traditional, like taking screenshots, harvesting contact lists and passwords via multiple methods, or recording phone calls. Others are less so, including a never-before-seen type of Man-in-the-Middle attack that adds malicious certificates for bypassing SSL and TLS defenses. A MitM attack can capture information such as passwords, but it also lets attackers insert third-party content seamlessly, such as replacing a bank's login page with fake 'security questions' that capture more data.
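Because the certificate-based MitM described above depends on a trust anchor the device owner never chose, one defensive check is to compare the anchors a device currently trusts against a known-good baseline and flag anything new, including a certificate that reuses a legitimate CA's subject name but carries a different fingerprint. The following Python is an added example, not code from the original page or from any Monokle analysis; it assumes a constructed inventory format of `subject=<DN>;sha256=<hex>` lines (such as one might produce from an exported CA list) and uses made-up fingerprints as placeholders.

```python
"""Flag unexpected trust anchors in an exported CA inventory.

Added example (not from the original page). The record format
``subject=<DN>;sha256=<64 hex chars>`` and all fingerprints below are
constructed for illustration.
"""
import re
from dataclasses import dataclass

# One record per line; the DN may contain commas but not semicolons.
RECORD_RE = re.compile(
    r"^subject=(?P<subject>[^;]+);sha256=(?P<fp>[0-9A-Fa-f]{64})$"
)


@dataclass(frozen=True)
class Anchor:
    subject: str
    fingerprint: str  # lowercase hex SHA-256 over the DER certificate


def parse_inventory(text: str) -> list[Anchor]:
    """Parse inventory lines; blank lines and '#' comments are skipped."""
    anchors = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = RECORD_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: unrecognised record: {line!r}")
        anchors.append(Anchor(m["subject"].strip(), m["fp"].lower()))
    return anchors


def find_unexpected_anchors(installed, baseline):
    """Return (anchor, reason) pairs for anchors not present in the baseline.

    Matching is by fingerprint, so a certificate that copies a baseline CA's
    subject name but has a different key is reported as a look-alike rather
    than silently accepted.
    """
    known_fps = {a.fingerprint for a in baseline}
    known_subjects = {a.subject for a in baseline}
    findings = []
    for a in installed:
        if a.fingerprint in known_fps:
            continue
        if a.subject in known_subjects:
            reason = "subject matches a baseline CA but fingerprint differs (possible look-alike)"
        else:
            reason = "not in baseline"
        findings.append((a, reason))
    return findings


# Constructed sample data: a two-entry baseline and a device inventory that
# adds a look-alike of the first CA plus an entirely unknown root.
BASELINE_TEXT = """
# expected anchors (constructed)
subject=CN=Example Root CA, O=Example Trust, C=US;sha256=%s
subject=CN=Demo Global Root, O=Demo, C=GB;sha256=%s
""" % ("aa" * 32, "bb" * 32)

INSTALLED_TEXT = """
subject=CN=Example Root CA, O=Example Trust, C=US;sha256=%s
subject=CN=Demo Global Root, O=Demo, C=GB;sha256=%s
subject=CN=Example Root CA, O=Example Trust, C=US;sha256=%s
subject=CN=User Added Root, O=Unknown;sha256=%s
""" % ("aa" * 32, "bb" * 32, "cc" * 32, "dd" * 32)


def audit(installed_text: str = INSTALLED_TEXT, baseline_text: str = BASELINE_TEXT):
    """Parse both inventories and return the list of findings."""
    return find_unexpected_anchors(
        parse_inventory(installed_text), parse_inventory(baseline_text)
    )


if __name__ == "__main__":
    for anchor, reason in audit():
        print(f"{anchor.fingerprint[:16]}...  {anchor.subject}: {reason}")
```

Run as a script it prints two findings for the constructed data: the look-alike "Example Root CA" with a different fingerprint, and the unknown "User Added Root". Matching on fingerprints rather than names is the important design choice; a subject-name comparison would have passed the look-alike.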

Shattering the Lens of Spyware

While the capabilities of Monokle make it a potentially formidable data-snatching program against any Android user, its deployment over the past four years has been limited to nations in the Caucasus region, such as Armenia and Georgia. Infection patterns tie its attacks to interests in gaining intelligence on anti-government organizations. Users can, hopefully, avoid compromising their devices by staying away from unofficial application sources, particularly for programs on the known list of Monokle-installing brands.

Monokle matches other state-sponsored threats in the professionalism of its code quality. Monokle includes few bugs or symptoms that would tip off a victim that it's harvesting information. However, some discrepancies in the Web-browsing experience, such as unusual login questions or changes in security protocols, are possible. Naturally, disabling network connectivity is one of the first things users should do when responding to Monokle infections.

Malware experts recommend updating the anti-malware solution on your Android device before removing Monokle with a thorough system scan. Clearing out temporary browser content, such as cookies and the cache, is also advisable.

Man-in-the-Middle attacks are a known security risk, as the history of threats as notorious as Comfoo and the Terdot banking Trojan shows. Monokle's use of them through certificate-breaching attacks on Android is, however, a new wrinkle that demands the cyber-security community's collective attention.
