Unique Monokle Android Spyware Self-Signs Certificates
#1
Bug 
Quote:A never-before-publicized mobile spy tool, a mobile surveillanceware remote access trojan (RAT) for Android called Monokle, has been spotted using novel techniques to exfiltrate data.
 
According to the Lookout researchers who discovered Monokle in the wild, the malware has the ability to self-sign trusted certificates to intercept encrypted SSL traffic. It can also record a phone’s lockscreen activity in order to obtain passcodes, and it can leverage accessibility services to gain access to third-party apps.
 
“While most of its functionality is typical of a mobile surveillanceware, Monokle is unique in that it uses existing methods in novel ways in order to be extremely effective at data exfiltration, even without root access,” according to a report issued on Wednesday. “Among other things, Monokle makes extensive use of the Android accessibility services to exfiltrate data from third party applications and uses predictive-text dictionaries to get a sense of the topics of interest to a target. Monokle will also attempt to record the screen during a screen unlock event so as to compromise a user’s PIN, pattern or password.”

SOURCE: https://threatpost.com/monokle-android-spyware/146655/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
K-Lite Codec Pack 19.1.0 / 19.1.1 Update
Changes in 19.1.1 ...harlan4096 — 07:00
Manjaro Linux 25.0.6 Build 250730
Manjaro Linux 25.0...harlan4096 — 06:57
Brave 1.80.125
Release Channel 1....harlan4096 — 06:55
Vivaldi 7.5 Build 3735.58
Vivaldi 7.5 Build ...harlan4096 — 06:54
360 Total Security 11.0.0.1217
1.0.0.1217 Jul 25,...harlan4096 — 06:53

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>