The Patriot Files Forums > Military News > Cyber Warfare

Posted 07-24-2019, 02:43 PM by Boats (Senior Member; Join Date: Jul 2002; Location: Chicago, IL; Posts: 14,261)

A Russian military contractor has a shady new Android malware kit
By: Sean Lyngaas - Cyber Scoop - 7-24-19

Note: The so-called “Monokle” malware is extremely invasive, according to Lookout. (Getty)

A contractor for the Russian military that was sanctioned for interfering in the 2016 U.S. election has developed Android malware that is being used in “highly-targeted” attacks that exfiltrate data using third-party applications, according to mobile security company Lookout.

The malware allegedly developed by the contractor, St. Petersburg-based Special Technology Center (STC), is capable of installing the attacker’s own software certificate in a certificate store and then using it for “man-in-the-middle” attacks, intercepting data before it reaches its intended recipient.

“This ability is something that Lookout researchers have never seen in the wild before,” Lookout’s Adam Bauer, Apurva Kumar, and Christoph Hebeisen said Wednesday.

The so-called “Monokle” malware is extremely invasive, according to Lookout. It can record a target device’s screen while the user is unlocking it, capturing the user’s PIN. It abuses Android’s accessibility features to harvest data from third-party apps. And it uses “predictive-text dictionaries” to figure out what a target user is interested in.

Discovered last year, the surveillance tool is still in active use, Lookout said. The malware shows up in a small number of trojan mobile apps, indicating it is being used in carefully crafted attacks, the researchers said. New samples were seen as recently as last month.

“We’ve seen evidence that Monokle has been under active development for years and have no reason to believe work isn’t continuing on it,” Hebeisen, Lookout’s head of threat research, told CyberScoop. He declined to say where the phones infected by Monokle were located.

Among the malware’s targets were people interested in Ahrar al-Sham, a militant group fighting the Syrian regime, and “individuals living in or associated with the Caucasus regions of Eastern Europe,” Lookout said.

STC was one of several Russian organizations or individuals sanctioned through a 2016 executive order from President Barack Obama for interfering in the presidential election. A White House statement at the time said that STC helped Russia’s military intelligence service, the GRU, conduct signals intelligence operations.

STC did not immediately respond to a request for comment on Lookout’s findings. STC’s website boasts that, in 10 years in business, it has “gained a leading position” in the international market for radio-monitoring equipment.

Lookout researchers traced Monokle back to STC by examining the Russian company’s antivirus Android app. That application communicates with the same networking infrastructure that Monokle does, the researchers said. Hebeisen told CyberScoop that there’s no reason to think STC is limiting its focus to Android devices. “We have observed code, included in the Android applications, which points to the existence of an iOS version of the software.”

The discovery is part of a larger trend of companies and governments developing advanced mobile malware, Lookout pointed out. STC is one of several surveillance vendors that security researchers are tracking, including Israel-based NSO Group and the developers of the FinFisher kit.

“Monokle shows that it would be naive to think that mobile surveillance-ware is a rare capability of nation-states,” Hebeisen said.

In this story: Android, GRU, Lookout, mobile hacking, mobile malware, Russia, spyware

O Almighty Lord God, who neither slumberest nor sleepest; Protect and assist, we beseech thee, all those who at home or abroad, by land, by sea, or in the air, are serving this country, that they, being armed with thy defence, may be preserved evermore in all perils; and being filled with wisdom and girded with strength, may do their duty to thy honour and glory; through Jesus Christ our Lord. Amen.

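One defender-side mitigation for the certificate-store trick the article describes (a planted attacker certificate used to intercept traffic), added here as an example and not taken from the article or from Lookout: an Android Network Security Config for a hypothetical app that limits TLS trust to the system CA store and pins the app's own backend. The domain and the pin digests are placeholders.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml for a hypothetical app; wired up from
     AndroidManifest.xml with android:networkSecurityConfig="@xml/network_security_config" -->
<network-security-config>
    <!-- Baseline for every destination: trust only the system CA store.
         User-installed CAs, the store a malware-planted certificate ends up in,
         are not listed, so a server certificate it signs fails chain validation. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- For the app's own backend, additionally pin the server's public key, so a
         certificate issued by any other CA (system or user) is rejected as well.
         Domain and digests below are placeholders, not real values. -->
    <domain-config>
        <domain includeSubdomains="true">api.example.com</domain>
        <pin-set expiration="2026-01-01">
            <pin digest="SHA-256">PLACEHOLDER_BASE64_SPKI_SHA256_PRIMARY=</pin>
            <!-- A backup pin for the next key keeps a rotation from bricking the app. -->
            <pin digest="SHA-256">PLACEHOLDER_BASE64_SPKI_SHA256_BACKUP=</pin>
        </pin-set>
    </domain-config>

    <!-- Only debuggable builds may trust user-added CAs (e.g. a developer's own
         interception proxy); release builds ignore this block entirely. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>
```

Apps targeting Android 7.0 (API 24) or later already ignore user-added CAs by default, so this config makes that explicit and adds pinning on top. It does nothing for traffic from other apps on the device, and nothing for data the article says Monokle harvests through accessibility services or screen recording before it is ever encrypted.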