Threat groups relying on trojanized apps to spread surveillanceware

Apurva Kumar shows how Monokle is spreading its surveillanceware

Threat groups are increasingly relying on trojanized apps posing as legitimate versions. Instead of getting the app you’re looking for, your device gets a dose of surveillanceware. In an interview with Threatpost, Apurva Kumar, a security intelligence engineer at Lookout, shared how surveillanceware group Monokle is already employing this tactic.

Kumar first spoke about Monokle at this year’s RSA Conference. During the session, he gave attendees an inside look at the highly targeted Monokle surveillanceware and tied it to nation-states.

Kumar explained in the Threatpost interview, “We found after quite a bit of investigation, and after looking at Monokle for a couple of times, we found that the developer of Monokle is almost certainly a Russian defense contractor by the name of Special Technology Center or STC. And this developer appears to have a very good or very advanced Android development pipeline, they are most likely producing a number of different applications, Android apps, both on the defensive side and the offensive side. So they produce some defensive security solutions that are like basically an antivirus, as well, as a surveillanceware which we found called Monokle.”

Kumar continued, detailing how Monokle distributes its surveillanceware. By mimicking well-known applications, such as Skype or Signal, Monokle convinces users to trust the trojanized app enough to install it. Once installed, Monokle distributes malware across the unsuspecting users’ devices.

While it’s concerning that threat groups are using booby-trapped versions of popular apps to distribute surveillanceware, Kumar noted, “Threats are starting to move away from [the] simple installation of applications and starting to move more onto the device and device exploitation side. So definitely, as always, there will always be an increase in sophistication and complexity of these actors as they try to find new and novel ways of getting onto their targets’ device.”

Featured Resources

Become a digital service provider

How to transform your business from network core to edge

Download now

Optimal business results with the cloud

Evaluating the best approaches to hybrid cloud adoption

Download now

Virtualisation that enables choices, not compromises

Harness the virtualisation technology that's right for your hybrid infrastructure

Download now

Email security threat report 2020

Four key trends from spear fishing to credentials theft

Download now

Recommended

What is a Trojan?
Security

What is a Trojan?

4 Jan 2021
Android malware vendor teams with marketer to promote new malware
malware

Android malware vendor teams with marketer to promote new malware

11 Jan 2021
Python-based malware steals Outlook files and browser credentials
malware

Python-based malware steals Outlook files and browser credentials

15 Dec 2020
Subway UK customers targeted by Trickbot hackers
hacking

Subway UK customers targeted by Trickbot hackers

14 Dec 2020

Most Popular

150,000 arrest records accidentally deleted from police database
data management

150,000 arrest records accidentally deleted from police database

15 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

12 Jan 2021