IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Threat groups relying on trojanized apps to spread surveillanceware

Apurva Kumar shows how Monokle is spreading its surveillanceware

Threat groups are increasingly relying on trojanized apps posing as legitimate versions. Instead of getting the app you’re looking for, your device gets a dose of surveillanceware. In an interview with Threatpost, Apurva Kumar, a security intelligence engineer at Lookout, shared how surveillanceware group Monokle is already employing this tactic.

Kumar first spoke about Monokle at this year’s RSA Conference. During the session, he gave attendees an inside look at the highly targeted Monokle surveillanceware and tied it to nation-states.

Kumar explained in the Threatpost interview, “We found after quite a bit of investigation, and after looking at Monokle for a couple of times, we found that the developer of Monokle is almost certainly a Russian defense contractor by the name of Special Technology Center or STC. And this developer appears to have a very good or very advanced Android development pipeline, they are most likely producing a number of different applications, Android apps, both on the defensive side and the offensive side. So they produce some defensive security solutions that are like basically an antivirus, as well, as a surveillanceware which we found called Monokle.”

Kumar continued, detailing how Monokle distributes its surveillanceware. By mimicking well-known applications, such as Skype or Signal, Monokle convinces users to trust the trojanized app enough to install it. Once installed, Monokle distributes malware across the unsuspecting users’ devices.

While it’s concerning that threat groups are using booby-trapped versions of popular apps to distribute surveillanceware, Kumar noted, “Threats are starting to move away from [the] simple installation of applications and starting to move more onto the device and device exploitation side. So definitely, as always, there will always be an increase in sophistication and complexity of these actors as they try to find new and novel ways of getting onto their targets’ device.”

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Hackers could use new Wslink malware in highly targeted cyber attacks
malware

Hackers could use new Wslink malware in highly targeted cyber attacks

1 Nov 2021
FBI raids Chinese POS business following cyber attack claims
malware

FBI raids Chinese POS business following cyber attack claims

27 Oct 2021
Malware developers create malformed code signatures to avoid detection
malware

Malware developers create malformed code signatures to avoid detection

24 Sep 2021
What is a Trojan?
Security

What is a Trojan?

27 Aug 2021

Most Popular

FCC commissioner urges Apple and Google to remove TikTok from app stores
data protection

FCC commissioner urges Apple and Google to remove TikTok from app stores

29 Jun 2022
LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022
Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022