Android Virus Alert: Monokle Malware


A new mobile remote access trojan (RAT) for Android, called Monokle, has been reported to use novel techniques to exfiltrate data. Monokle uses a range of intrusive capabilities to conduct various types of cyber attacks. The trojan is distributed to targets via fake apps camouflaged as genuine apps such as Google Play, Skype, UC Browser, Pornhub, etc.

So far, Monokle has been directed only against Android devices. The researchers found several references to a planned iOS version, including unused commands and data transfer objects in its source code. Typically, victims are infected when they download trojanised versions of what appear to be legitimate Android applications that otherwise operate as intended.

Monokle gives the attacker the following capabilities:

  • It can self-sign trusted certificates to intercept encrypted SSL traffic, and it does not require root access to exfiltrate data.
  • A phone's lock-screen activity can be used to obtain passwords, which are then used to steal personal information and to gain access to third-party apps.
  • It uses the user's predictive-text dictionaries to learn the target's topics of interest.
  • If the attacker gains root access to the target's phone, it can install additional attacker-specified certificates into the trusted certificate store, allowing man-in-the-middle (MITM) attacks against TLS traffic.
  • The attacker can access the target's contacts and calendar information, record audio and calls, and take screenshots, photos, videos, etc.
  • The attacker can also retrieve emails, browsing histories, accounts, passwords, screen recordings, etc.
  • Other capabilities include keylogging, deleting arbitrary files, executing arbitrary code, and rebooting the device.

Best Practices and Recommendations

  • Install Android and iOS apps from known and trusted sources and from verified developers.
  • Keep the OS and apps updated with the latest patches.
  • Keep an active instance of a reputable multi-layered anti-malware solution running, updated with the latest signatures.
  • Verify all new apps before installation.
  • Users should be careful when giving third-party apps permission to access messages, call logs, location, pictures, etc. Android users can turn off permissions in their phone's Settings.
  • Users should use strong passwords and should regularly change passwords of phones and online
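
One way to carry out the "verify before installation" recommendation, as an added example that is not part of the original article: a trojanised repackage of a genuine app has to be re-signed, so unless the attacker holds the developer's key its signer certificate digest will not match the one recorded from a trusted copy. The script parses the output of the Android SDK's `apksigner verify --print-certs`; the package name, digests and sample outputs are constructed for illustration.

```python
import re

# Signer-certificate SHA-256 digests recorded from a copy of each app obtained
# through a trusted channel. Package name and digest are CONSTRUCTED values.
PINNED = {"com.example.chat": {"a1" * 32}}

# Line format printed by `apksigner verify --print-certs <apk>`.
DIGEST_RE = re.compile(
    r"^Signer #(\d+) certificate SHA-256 digest:\s*([0-9a-fA-F]{64})\s*$", re.M)

# CONSTRUCTED sample outputs: a genuine build and a re-signed (trojanised) one.
GENUINE = ("Signer #1 certificate DN: CN=Example Chat Release\n"
           "Signer #1 certificate SHA-256 digest: " + "a1" * 32 + "\n")
REPACKAGED = ("Signer #1 certificate DN: CN=Unknown\n"
              "Signer #1 certificate SHA-256 digest: " + "b2" * 32 + "\n")


def signer_digests(apksigner_output):
    """Map signer number to the lowercase SHA-256 digest found in the output."""
    return {int(n): d.lower() for n, d in DIGEST_RE.findall(apksigner_output)}


def check_apk(package, apksigner_output, pinned=PINNED):
    """Return 'trusted', 'signer-mismatch', 'unknown-package' or 'no-signer-info'."""
    digests = signer_digests(apksigner_output)
    if not digests:
        return "no-signer-info"    # verification failed or output was empty
    expected = pinned.get(package)
    if expected is None:
        return "unknown-package"   # nothing pinned: never default to trusted
    # Every signer must be pinned; one unknown signer is enough to reject.
    if all(d in expected for d in digests.values()):
        return "trusted"
    return "signer-mismatch"


if __name__ == "__main__":
    for label, out in (("genuine", GENUINE), ("repackaged", REPACKAGED)):
        print(label, "->", check_apk("com.example.chat", out))
```

A `signer-mismatch` result for an app that looks and behaves like the genuine one is exactly the case described above, where the trojanised version otherwise operates as intended.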
Note: This Article is taken from and no editing is done at our end.
