Lookout discovers new mobile surveillanceware
Have you heard about Monokle?
The mobile spyware was developed by a Russian military contractor that was sanctioned by the U.S. Government in connection to interference in the 2016 US presidential elections. Organizations that have Lookout Mobile Endpoint Security have been protected against Monokle since early 2018.
What the Monokle remote-access trojan can do:
↠ it makes extensive use of the Android accessibility services to exfiltrate data from third party applications.
↠ Installs additional attacker-specified certificates to the trusted certificates on an infected device that would allow for man-in-the-middle
↠ Has the ability to record the device’s screen during a screen unlock event, allowing it to compromise a user’s PIN, pattern or password.
Visit the Lookout blog to get more details and an analysis on Monokle.