
Anon-C

Fri Jul 26, 2019, 01:41 AM Jul 2019

Advanced mobile surveillanceware, made in Russia, found in the wild

https://arstechnica.com/information-technology/2019/07/advanced-mobile-surveillanceware-made-in-russia-found-in-the-wild/



Researchers have discovered some of the most advanced and full-featured mobile surveillanceware ever seen. Dubbed Monokle and used in the wild since at least March 2016, the Android-based application was developed by a Russian defense contractor that was sanctioned in 2016 for helping that country’s Main Intelligence Directorate meddle in the 2016 US presidential election.

Monokle uses several novel tools, including the ability to modify the Android trusted-certificate store and a command-and-control network that can communicate over Internet TCP ports, email, text messages, or phone calls. The result: Monokle provides a host of surveillance capabilities that work even when an Internet connection is unavailable. According to a report published by Lookout, the mobile security provider that found it, Monokle is able to:


Retrieve calendar information including name of event, when and where it is taking place, and description

Perform man-in-the-middle attacks against HTTPS traffic and other types of TLS-protected communications

Collect account information and retrieve messages for WhatsApp, Instagram, VK, Skype, imo

Receive out-of-band messages via keywords (control phrases) delivered via SMS or from designated control phones

Send text messages to an attacker-specified number

Reset a user’s pincode

Record environmental audio (and specify high, medium, or low quality)

Make outgoing calls

Record calls

Interact with popular office applications to retrieve document text

Take photos, videos, and screenshots

Log passwords, including phone unlock PINs and key presses

Retrieve cryptographic salts to aid in obtaining PINs and passwords stored on the device

Accept commands from a set of specified phone numbers

Retrieve contacts, emails, call histories, browsing histories, accounts and corresponding passwords

Get device information including make, model, power levels, whether connections are over Wi-Fi or mobile data, and whether screen is on or off

Execute arbitrary shell commands, as root, if root access is available

Track device location

Get nearby cell tower info

List installed applications

Get nearby Wi-Fi details

Delete arbitrary files

Download attacker-specified files

Reboot a device

Uninstall itself and remove all traces from an infected phone

Commands in some of the Monokle samples Lookout researchers analyzed led them to believe that there may be versions of Monokle developed for devices running Apple's iOS. Unused in the Android samples, the commands were likely added unintentionally. The commands controlled iOS functions for the keychain, iCloud connections, Apple Watch accelerometer data, iOS permissions, and other iOS features or services. Lookout researchers didn't find any iOS samples, but they believe iOS versions may be under development. Monokle gets its name from a malware component a developer titled "monokle-agent."

----

More at link
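The capability in the quoted article that most deserves a concrete check is the one about modifying the Android trusted-certificate store: once a root CA the attacker controls is in the device's trust store, ordinary chain validation accepts any certificate that CA issues, which is what makes the HTTPS man-in-the-middle possible. The usual client-side countermeasure is public-key pinning, where the app compares the server's SubjectPublicKeyInfo against a value it shipped with, so the chain's issuer no longer decides the outcome. The block below is an added example written for this thread; it is not code from the article, from Lookout, or from the malware, and it assumes nothing about Monokle's internals. It is stdlib-only Python that builds certificate-shaped DER structures (constructed, with placeholder names and zeroed signatures, so they are not valid certificates) purely to show what the pin is computed over: a renewed certificate with the same key keeps the same pin, while an attacker's certificate for the same hostname, issued by a planted root, does not. The hostnames, issuer labels and 32-byte "keys" are constructed.

```python
"""Added example: SPKI pinning as a check a planted root CA cannot defeat.

Stdlib only. Toy X.509-shaped DER certificates (constructed; not valid) are
used to show that a pin over the server's public key survives certificate
renewal but rejects an attacker's certificate for the same hostname, even one
chaining to a CA that malware added to the device trust store.
"""
import base64
import hashlib

# Constructed 32-byte "public keys": stand-ins for real EC point encodings.
LEGIT_KEY = bytes(range(1, 33))
ATTACKER_KEY = bytes(range(101, 133))

OID_EC_PUBLIC_KEY = b"\x2a\x86\x48\xce\x3d\x02\x01"      # 1.2.840.10045.2.1
OID_ECDSA_SHA256 = b"\x2a\x86\x48\xce\x3d\x04\x03\x02"   # 1.2.840.10045.4.3.2


def der_tlv(tag, content):
    """Encode one DER tag-length-value; long-form length when >= 128 bytes."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def der_seq(*items):
    return der_tlv(0x30, b"".join(items))


def der_int(value):
    # The extra byte when the high bit is set keeps the INTEGER non-negative.
    return der_tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))


def der_split(data):
    """Split DER bytes into [(tag, content), ...] at one nesting level."""
    out, i = [], 0
    while i < len(data):
        tag, length = data[i], data[i + 1]
        i += 2
        if length & 0x80:                      # long-form length
            count = length & 0x7F
            length = int.from_bytes(data[i:i + count], "big")
            i += count
        out.append((tag, data[i:i + length]))
        i += length
    return out


def toy_certificate(subject, issuer, public_key, serial=1):
    """Certificate-shaped DER with the real tbsCertificate field order.

    Names are placeholder UTF8Strings rather than X.501 Names and the
    signature is zeros, so nothing here would validate; only the SPKI field
    is laid out like a real one, which is all the pin extraction relies on.
    """
    spki = der_seq(
        der_seq(der_tlv(0x06, OID_EC_PUBLIC_KEY)),    # AlgorithmIdentifier
        der_tlv(0x03, b"\x00" + public_key),           # BIT STRING, 0 unused bits
    )
    tbs = der_seq(
        der_tlv(0xA0, der_int(2)),                      # [0] EXPLICIT version v3
        der_int(serial),                                # serialNumber
        der_seq(der_tlv(0x06, OID_ECDSA_SHA256)),       # signature algorithm
        der_seq(der_tlv(0x0C, issuer.encode())),        # issuer (placeholder)
        der_seq(der_tlv(0x17, b"190101000000Z"),        # validity: notBefore
                der_tlv(0x17, b"200101000000Z")),       #           notAfter
        der_seq(der_tlv(0x0C, subject.encode())),       # subject (placeholder)
        spki,                                           # subjectPublicKeyInfo
    )
    fake_signature = der_tlv(0x03, b"\x00" * 9)
    return der_seq(tbs, der_seq(der_tlv(0x06, OID_ECDSA_SHA256)), fake_signature)


def spki_pin(cert_der):
    """base64(SHA-256(DER SubjectPublicKeyInfo)): the pin format Android's
    network security config and HPKP both use."""
    cert_body = der_split(cert_der)[0][1]           # content of Certificate SEQUENCE
    tbs_fields = der_split(der_split(cert_body)[0][1])
    if tbs_fields[0][0] == 0xA0:                    # skip optional explicit version
        tbs_fields = tbs_fields[1:]
    tag, content = tbs_fields[5]                    # serial, sigalg, issuer, validity, subject, SPKI
    return base64.b64encode(hashlib.sha256(der_tlv(tag, content)).digest()).decode()


def pin_matches(cert_der, pins):
    """True only if the presented leaf's key is one the client pinned in advance."""
    return spki_pin(cert_der) in pins


def demo():
    legit = toy_certificate("mail.example", "Public CA", LEGIT_KEY, serial=1)
    renewed = toy_certificate("mail.example", "Public CA", LEGIT_KEY, serial=2)
    # Same hostname, different key, issued by a root the malware planted.
    mitm = toy_certificate("mail.example", "Planted Root", ATTACKER_KEY, serial=1)
    pins = {spki_pin(legit)}
    return {"renewed_ok": pin_matches(renewed, pins), "mitm_ok": pin_matches(mitm, pins)}


if __name__ == "__main__":
    print(demo())
```

On a real Android app the same comparison is done by the platform when the app declares a `<pin-set>` of SHA-256 SPKI digests in its network security config, and pinning should always include a backup key so a legitimate key rotation does not lock users out. The caveat is that this only closes the network path: an implant with the other capabilities listed above (keystroke and PIN logging, reading app data, root shell where available) does not need to intercept TLS to read the traffic, so pinning protects the app's transport, not a compromised device.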
Reply #1 (Thekaspervote, Jul 2019): Oh my!!! And what is anyone doing about it?