Sanctions-hit Russian developers fingered for crafting ‘Monokle’ Android snoopware

Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India

Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Credits: The Register

A Russian software developer, currently under American sanctions for its purported role in the Kremlin’s interference with the 2016 US elections, is now selling spyware to governments.

Researchers at security house Lookout today reported [PDF] that St Petersburg-based Special Technology Centre (STC) is developing and maintaining a commercial spyware tool known as Monokle.

STC was among the Russian businesses hit last year with US economic sanctions for their supporting role in the GRU’s election-meddling efforts. The Russian tech firm is said to have its hands in a number of fields, including UAVs, radio equipment and, now, surveillance software.

Monokle targets Android devices by being added as a hidden payload in seemingly legitimate apps like Google Play or Skype. Most recently, Lookout says, the malware has used the names and icons of apps popular in Syria and the Caucasus regions in an effort to keep an eye on groups in those areas.

Once installed Monokle launches a wide range of surveillance tools including remote-access backdoors, certificate installers to allow for man-in-the-middle attacks, and functions that gather the personal data of the target.

“While most of its functionality is typical of a mobile surveillanceware, Monokle is unique in that it uses existing methods in novel ways in order to be extremely effective at data exfiltration, even without root access,” Lookout notes.

“Among other things, Monokle makes extensive use of the Android accessibility services to exfiltrate data from third party applications and uses predictive-text dictionaries to get a sense of the topics of interest to a target. Monokle will also attempt to record the screen during a screen unlock event so as to compromise a user’s PIN, pattern or password.”

Monokle is also just the tip of the iceberg for STC’s mobile operations. Lookout’s team said it found evidence that an iOS version of the spyware is in development along with a set of security tools STC is pitching to governments alongside the spyware.

“According to our research, although STC has never publicly marketed their Android security suite, it is clear that STC is producing this software and that it is intended for government customers,” Lookout said.

“Multiple Android developer positions have been advertised by STC on popular Russian job search sites in St Petersburg and Moscow. The positions require both Android and iOS experience and advertise working on a native antivirus solution for Android.”

The dual offerings make sense enough. Who better to protect you from targeted, government-backed malware than a company that develops it on the side?

www.extremehacking.org

Sadik Shaikh | Cyber Suraksha Abhiyan, Ethical Hacking Training Institute, CEHv10,CHFI,ECSAv10,CAST,ENSA, CCNA, CCNA SECURITY,MCITP,RHCE,CHECKPOINT, ASA FIREWALL,VMWARE,CLOUD,ANDROID,IPHONE,NETWORKING HARDWARE,TRAINING INSTITUTE IN PUNE, Certified Ethical Hacking,Center For Advanced Security Training in India, ceh v10 course in Pune-India, ceh certification in pune-India, ceh v10 training in Pune-India, Ethical Hacking Course in Pune-India

The post Sanctions-hit Russian developers fingered for crafting ‘Monokle’ Android snoopware appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.



from Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity https://ift.tt/2yfwe1W