This Android Malware Can Take Photos and Videos and Spy on Your App History (Jul 24, 2019)
A new custom malware, dubbed “Monokle,” is being utilized by unknown threat actors to conduct surveillance on chosen individuals, according to Lookout researchers. Monokle functions as a Remote Access Trojan (RAT) that has multiple malicious capabilities such as keylogging, taking photos/video, tracking user location, and stealing application and web browser history, among others. The malware will install trusted certificates to gain root access to the device, which allows Monokle to further conduct its theft and monitoring functionalities. Researchers believe that Monokle has been active since at least 2016, with its activity consisting of small bursts targeting individuals in the Caucasus region. The Lookout infrastructure has been connected to the Russian company Special Technology Centre based in St. Petersburg. While this activity is targeting Android users, researchers have also identified iOS components in the malware, likely indicating that targeting iOS is under development or may be already underway.
Recommendation: At the time of this writing, the distribution method for this malware has not been identified. Education for mobile security is important. Always keep your mobile phone fully patched with the latest security updates. Only use official locations such as the Google Play Store / Apple App Store to obtain your software, and avoid downloading applications, even if they appear legitimate, from third-party stores.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.