The Monokle malware is a toolkit built to target Android devices and was likely created by a Russian company operating in the cybersecurity business. This same company allegedly interfered in the 2016 United States Presidential Elections. This is a rather high-end threat, and its victims appear to be hand-picked, high-ranking individuals.
Can Access Encrypted Network Traffic
An interesting feature of the Monokle toolkit is that its operators can install a fraudulent security certificate into the trusted certificate store of the compromised device. Connections protected by SSL or TLS that present certificates chained to this bogus root are then accepted by the device as authentic. This allows the perpetrators of the attack to read otherwise encrypted network traffic and to mount MITM (man-in-the-middle) attacks against the victim's connections.
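The defensive counterpart to the rogue-certificate trick above is Android's Network Security Configuration, which lets an app decide which certificate stores it trusts. The fragment below is an added example written for this page; it is not code from the original article, from Lookout's analysis, or from the Monokle toolkit. The domain `example.com`, the file name `res/xml/network_security_config.xml`, and the pin value are assumptions (the pin is a placeholder, not a real SPKI hash). Since Android 7.0 (API 24) the platform default for apps already excludes user-installed CAs; the weak configuration shown first is what an app must opt into for a user-installed certificate to be honoured.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example; assumed file: res/xml/network_security_config.xml,
     referenced from AndroidManifest.xml via
     <application android:networkSecurityConfig="@xml/network_security_config">.
     Not part of the original page. -->
<network-security-config>

    <!-- WEAK: trusting the "user" store means any certificate a malicious
         app or operator manages to add to the device becomes a valid TLS
         root for this app, enabling interception of its traffic. -->
    <!--
    <base-config>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
    -->

    <!-- CORRECTED: trust only the pre-installed system CAs. A certificate
         injected into the user store is then ignored by this app. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- STRONGER: pin the expected public key(s) for the app's own backend.
         This also defeats a rogue CA placed in the *system* store on a
         rooted device, because an interceptor's certificate will not match
         the pinned key. Pin values are placeholders (assumption); a real
         deployment uses the SHA-256 of the server's SubjectPublicKeyInfo
         plus at least one backup pin. -->
    <domain-config>
        <domain includeSubdomains="true">example.com</domain>
        <pin-set expiration="2030-01-01">
            <pin digest="SHA-256">PLACEHOLDER_PRIMARY_PIN_BASE64=</pin>
            <pin digest="SHA-256">PLACEHOLDER_BACKUP_PIN_BASE64=</pin>
        </pin-set>
    </domain-config>

</network-security-config>
```

Two caveats a practitioner would want: this configuration protects only the app that ships it, not other apps or the system's own connections, and pinning without a backup pin and an expiration date turns a routine key rotation into a self-inflicted outage.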
Propagated via Fake Applications
As with most Android-based malware, the Monokle spyware is propagated via bogus copies of popular applications. Some of them are hosted on the official Google Play Store, while others reside on third-party app stores. Among the fake applications used to spread the Monokle malware are copies of PornHub, Skype, Signal, Ultra GPS Logger, Ahram Al-Sham, ES File Explorer, etc.
The Monokle spyware sports an impressive list of capabilities that promise trouble. This threat can:
The authors of the Monokle spyware are highly skilled and continue to improve the threat, weaponizing it further. The good news is that normal users will likely not be targeted by the Monokle malware, as it appears to be employed only against people in positions of power. However, it is still important to have a reputable cybersecurity application on your device, because many other threats target regular Android users.