Russian contractor tied to 2016 election interference unleashes mobile phone spyware

A Russian military contractor tied to 2016 U.S. election interference is behind a spate of mobile phone surveillance programs, researchers at mobile security firm Lookout have determined.

Driving the news: The mobile spyware, dubbed Monokle, was disguised as several different Android apps — ranging from pornography to Google. Monokle may have been in use since 2015.

The targets: Some of the fake apps were intended for highly specialized audiences, which may give a sense of some of the intended targets.

  • A fake version of "UzbekChat" appears to be intended for people in or communicating with Uzbekistan.
  • A fake program called "Ahrar Maps" appears to be targeted at the Ahrar al-Sham militant group in Syria.
  • A fake app titled "Caucas" appears to target the Caucasus region.

The attacker: Lookout says Monokle uses the same private internet infrastructure as an antivirus product developed by Special Technology Centre, Ltd. (STC), a Russian military contractor sanctioned by the Obama administration for its role in 2016 election tampering.

  • Two developers' names and the name "Monokle" are referenced in the code for Monokle.
  • There is evidence that an iOS version is being developed.

Unique features: Monokle is able to change security certificates on cellphones, giving STC the ability to alter data being sent to and from the phone.