Monokle, a trojan which installs fake apps, on the prowl

Sunil Pradhan
Wednesday, 31 July 2019

Pune: Just weeks after people were cautioned against a malware called ‘Agent Smith’, known for replacing original mobile applications with malicious versions, experts have found another trojan, identified as ‘Monokle’, which targets Android devices and deceives its victims by installing fake applications camouflaged as genuine ones.

While the Maharashtra Cyber Cell is keeping a watch on ‘Agent Smith’ malware, the Computer Emergency Response Team (CERT) has issued warnings about the trojan called ‘Monokle’. 

According to CERT, ‘Monokle’ has been reported to use novel techniques to exfiltrate data. Victims are infected when they download trojanized versions of what appear to be legitimate Android applications, which otherwise operate as intended.

“It has the ability to self-sign trusted certificates. Similarly, a phone’s lock screen activity can be used to obtain passwords to steal personal information as well as gain access to third-party applications. It also uses predictive-text dictionaries of the user to gain access to the target’s topic of interest. If the attacker gains access to the root of the target’s phone, it can install additional attacker-specified certificates to the trusted certificates allowing Man-In-The-Middle (MITM) attacks. The attacker can gain access to the target’s contacts, calendar information, record audio and calls, take screenshots, photos, videos, retrieve emails, browsing histories, accounts, passwords, screen recording. It can also delete arbitrary files,” stated the warning by CERT.

Speaking on the rise of such malware, cyber expert Anil Raj of Cybervault Security Solutions Private Limited said that the incident has yet again exposed the vulnerability of Android. “While such malware steals data of the victim, by using the stolen data an attacker can cause larger damage to the victim,” said Raj.

“We have observed that for a common man it is difficult to distinguish between a genuine application and a fake application. The moment a mobile application goes viral, we can see nearly similar such applications available on the store which can lead a user to land on fake applications,” said Raj.

The cyber expert also stressed that any application should be verified before it is downloaded. “People just blindly give consent to access their messages, call logs, location, etc., which can affect them. Users can turn off permissions by using the settings of their phones. It is not necessary to give access to such applications,” added Raj.