Monokle Description

The Monokle malware is a toolkit built to target Android devices and is likely to have been created by a Russian company that deals in the cybersecurity business. This same company has interfered in the 2016 United States Presidential Elections allegedly This is a rather high-end threat, and it appears that its victims tend to be hand-picked high-ranking individuals.

Can Access Encrypted Network Traffic

An interesting feature of the Monokle toolkit is that its operators can install a fake security certificate on the compromised device, and then use it as bogus authentication for connections protected by SSL or TLS. This might allow the perpetrators of the attack to access encrypted network traffic, and also to initiate MITM (man-in-the-middle) attacks.

Propagated via Fake Applications

As with more Android-based malware, the Monokle spyware is being propagated via bogus copies of popular applications. Some of them are hosted on the official Google Play Store while others reside on the third-party app stores. Among the fake applications that were used in the spreading of the Monokle malware are copies of PornHub, Skype, Sihnal, Ultra GPS Logger, Ahram Al-Sham, ES File Explorer, etc.


The Monokle spyware sports an impressive list of capabilities that promise trouble. This threat can:

  • Use screen reading to enable the threat to steal information from installed applications.
  • Exfiltrate browser history.
  • Collect contacts.
  • Collect calendar data.
  • Collect saved login credentials.
  • Collect files.
  • Take screenshots.
  • Track location services on the device.
  • Record screen to collect PIN code and unlock code of the device.
  • The authors of the Monokle spyware are highly-skilled and continue introducing improvements of this threat, therefore weaponizing it further. The good news is that normal users will likely not be targeted by the Monokle malware as this threat appears only to be employed against people in positions of power. However, it is important to have a reputable cybersecurity application on your device because there are many more threats out there that target regular Android users.