A Russian military contractor tied to 2016 U.S. election interference is behind a spate of mobile phone surveillance programs, researchers at mobile security firm Lookout have determined.
Driving the news: The mobile spyware, dubbed Monokle, was disguised as several different Android apps — ranging from pornography to Google. Monokle may have been in use since 2015.
The targets: Some of the fake apps were intended for highly specialized audiences, which may give a sense of some of the intended targets.
- A fake version of "UzbekChat" appears to be intended for people in or communicating with Uzbekistan.
- A fake program called "Ahrar Maps" appears to be targeted at the Ahrar al-Sham militant group in Syria.
- A fake app titled "Caucas" appears to target the Caucasus region.
The attacker: Lookout says Monokle uses the same private internet infrastructure as an antivirus product developed by Special Technology Centre, Ltd. (STC), a Russian military contractor sanctioned by the Obama administration for its role in 2016 election tampering.
- Two developers' names and the name "Monokle" are referenced in the code for Monokle.
- There is evidence that an iOS version is being developed.
Unique features: Monokle is able to change security certificates on cellphones, giving STC the ability to alter data being sent to and from the phone.