A company that was sanctioned by the U.S. government for allegedly helping Russia interfere with the 2016 elections has developed an advanced set of offensive spyware tools with functionality that researchers claim they have never before witnessed in real-life attack campaigns.

Dubbed Monokle, the spyware toolset was actually developed as far back as 2015, according to a new blog post and technical report from researchers at Lookout. Samples have been observed in the wild since March 2016, with sightings peaking in the first half of 2018. But activity to this day has remained restrained and limited, suggesting that Monokle is used sparingly in highly targeted campaigns.

Typically, victims are infected when they download trojanized versions of what appear to be legitimate Android applications that otherwise operate as intended. Based largely on the apps that were chosen to carry the spyware, Lookout has assessed that the malware has been used against users based in the Caucasus region as well as those interested in the Ahrar al-Sham militant group, which opposes the current Syrian government under Bashar al-Assad.
