Cyber security experts have discovered a new virus that acts as a mobile remote access trojan for Android devices and leverages a range of intrusive capabilities to launch cyber attacks. The trojan attacks target devices using fake apps that are camouflaged as genuine ones. Security researchers also revealed that cyber criminals are developing this virus to attack iOS (Apple) devices.
The trojan attack has also been flagged by the Indian Computer Emergency Response Team (CERT-In). “The trojan is distributed to targets via fake apps camouflaged as genuine apps such as Google Play, Skype, UC Browser, etc.,” CERT-In said in a security report.
“So far Monokle is directed against Android devices. The researchers found several references to a planned iOS version, including unused commands and data transfer objects in its source code. Typically victims are infected when they download the trojanised versions of what appears to be legitimate Android applications,” it added.
The trojan can self-sign trusted certificates to interpret encrypted SSL (Secure Sockets Layer) traffic and can also use a phone’s lockscreen activity to obtain passwords to steal personal information and gain access to third party apps.
Cyber security firm Lookout, which discovered the trojan, said that Monokle is advanced mobile surveillanceware that can compromise a user’s privacy by stealing personal data stored on an infected device and then exfiltrating this information to command and control infrastructure.
“Lookout has discovered a highly targeted mobile malware threat that uses a new and sophisticated set of custom Android surveillanceware tools called Monokle that has possible connections to Russian threat actors,” the company said in a security breach report.
While most of its functionality is typical of mobile surveillanceware, Monokle is unique in that it uses existing methods in novel ways to be extremely effective at data exfiltration, even without root access.
Monokle appears in a very limited set of applications, which implies attacks using Monokle are highly targeted. Many of these applications are trojanised and include legitimate functionality, so user suspicion is not aroused.
“There is evidence that an iOS version of Monokle is in development. Lookout has no evidence of active iOS infections,” the San Francisco-based company revealed.
A senior government official said the virus will pose security threats for Indian device users. “India’s cyber security requirements have grown exponentially in the last few years on the back of rising internet penetration and growing demand for data and smartphones. It accounts for one of the largest Android app downloads globally at more than 6 billion. Besides, it has over 200 million IoT devices, which will swell to 2.7 billion by 2020. This makes India a preferred playground for cyber criminals,” one of the officials explained.
According to CERT-In data, a total of 53,117 cyber security incidents including phishing, network scanning and probing, virus or malicious code and website hacking were reported in 2017. This further swelled to 2,08,456 and 1,05,849 incidents in 2018 and 2019 (till May), respectively.