Threat groups relying on trojanized apps to spread surveillanceware

Apurva Kumar shows how Monokle is spreading its surveillanceware

Threat groups are increasingly relying on trojanized apps posing as legitimate versions. Instead of getting the app you’re looking for, your device gets a dose of surveillanceware. In an interview with Threatpost, Apurva Kumar, a security intelligence engineer at Lookout, shared how surveillanceware group Monokle is already employing this tactic.

Advertisement - Article continues below

Kumar first spoke about Monokle at this year’s RSA Conference. During the session, he gave attendees an inside look at the highly targeted Monokle surveillanceware and tied it to nation-states.

Kumar explained in the Threatpost interview, “We found after quite a bit of investigation, and after looking at Monokle for a couple of times, we found that the developer of Monokle is almost certainly a Russian defense contractor by the name of Special Technology Center or STC. And this developer appears to have a very good or very advanced Android development pipeline, they are most likely producing a number of different applications, Android apps, both on the defensive side and the offensive side. So they produce some defensive security solutions that are like basically an antivirus, as well, as a surveillanceware which we found called Monokle.”

Kumar continued, detailing how Monokle distributes its surveillanceware. By mimicking well-known applications, such as Skype or Signal, Monokle convinces users to trust the trojanized app enough to install it. Once installed, Monokle distributes malware across the unsuspecting users’ devices.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

While it’s concerning that threat groups are using booby-trapped versions of popular apps to distribute surveillanceware, Kumar noted, “Threats are starting to move away from [the] simple installation of applications and starting to move more onto the device and device exploitation side. So definitely, as always, there will always be an increase in sophistication and complexity of these actors as they try to find new and novel ways of getting onto their targets’ device.”

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement

Recommended

What is a Trojan?
Security

What is a Trojan?

15 Jun 2020
Malware attacks using machine identities doubled in 2019
cyber security

Malware attacks using machine identities doubled in 2019

4 Aug 2020
Over two dozen Android apps found stealing user data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020
Best antivirus for Windows 10
antivirus

Best antivirus for Windows 10

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do I fix the Windows 10 Start Menu if it's frozen?
operating systems

How do I fix the Windows 10 Start Menu if it's frozen?

3 Aug 2020