- Monokle has the ability to install trusted certificates which allows it to gain root access to the device.
- While Monokle currently targets only Android devices, researchers say that they have found several samples of the malware targeting iOS devices.
A highly-sophisticated Android trojan called Monokle has been found using novel techniques to exfiltrate data.
What are the capabilities?
According to the Lookout researchers who discovered Monokle in the wild, the malware is equipped with a range of intrusive capabilities that enable it to conduct cyberespionage against targets.
Monokle's capabilities include keylogging, taking photos and videos, and retrieving the history of apps including web browsers, social media services, and messengers.
Apart from this, Monokle has the ability to install trusted certificates which allows it to gain root access to the device. This allows the threat actors to deploy unique capabilities in their quest to steal data.
The malware can also record a phone’s lockscreen activity in order to obtain passcodes. For this, Monokle makes extensive use of the Android accessibility services, and it reads data from third-party applications and predictive-text dictionaries to get a sense of a target's topics of interest.
“While most of its functionality is typical of a mobile surveillanceware, Monokle is unique in that it uses existing methods in novel ways in order to be extremely effective at data exfiltration, even without root access,” said Lookout researchers in a blog post.
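Two of the behaviours described above, an accessibility service enabled for an unexpected package and a user-added CA certificate, are visible in device state a responder can pull with adb. The following triage helper is an added example, not code from the article or from Lookout; it parses constructed sample output of `adb shell settings get secure enabled_accessibility_services` and a constructed listing of the user-added certificate store, and the allowlist of expected packages is an assumption.

```python
import re

# Constructed sample of `settings get secure enabled_accessibility_services`:
# colon-separated "package/ServiceClass" entries (the string "null" when none).
SAMPLE_ACCESSIBILITY = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.updater/com.example.updater.SvcA11y"  # constructed, hypothetical package
)

# Constructed sample listing of the user-added CA store
# (/data/misc/user/0/cacerts-added/, readable only on rooted or debuggable builds).
# Android names each file by the OpenSSL subject hash of the certificate.
SAMPLE_USER_CERTS = "a1b2c3d4.0\n"

# Assumption: packages whose accessibility services are expected on this fleet.
KNOWN_A11Y_PACKAGES = {"com.google.android.marvin.talkback"}


def parse_accessibility_services(setting_value):
    """Split the setting into (package, service) tuples; ignores 'null'/empty."""
    entries = []
    for item in setting_value.strip().split(":"):
        if "/" not in item:
            continue
        pkg, svc = item.split("/", 1)
        entries.append((pkg, svc))
    return entries


def unexpected_accessibility_services(setting_value, allowlist=KNOWN_A11Y_PACKAGES):
    """Services whose owning package is not on the allowlist."""
    return [(p, s) for p, s in parse_accessibility_services(setting_value) if p not in allowlist]


def user_added_cert_count(listing):
    """Count entries shaped like subject-hash file names (8 hex chars, '.', index)."""
    return sum(1 for line in listing.splitlines() if re.fullmatch(r"[0-9a-f]{8}\.\d+", line.strip()))


def triage(setting_value, listing):
    """Return human-readable findings; an empty list means neither indicator is present."""
    findings = [f"accessibility service enabled for unexpected package {p} ({s})"
                for p, s in unexpected_accessibility_services(setting_value)]
    n = user_added_cert_count(listing)
    if n:
        findings.append(f"{n} user-added CA certificate(s) present")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_ACCESSIBILITY, SAMPLE_USER_CERTS):
        print("FINDING:", finding)
```

Neither indicator is proof of compromise on its own (enterprise MDM and legitimate accessibility tools produce both), so treat hits as leads for review of the owning package rather than as a verdict.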
How widespread is it?
While Monokle currently targets only Android devices, researchers say that they have found several samples of the malware targeting iOS devices.
The malware is thought to have been active since 2016, targeting users in Armenia, Azerbaijan, Syria and Georgia. It is still uncertain how the malware is distributed, but researchers note that some samples of the malware are built around trojanized versions of real applications.