Russian Defense Contractor Developed Sophisticated Malware Affecting Androids, Report Says

A Russian defense contractor sanctioned by the Obama administration for its alleged role in attacks on the 2016 U.S. election has developed sophisticated malware that compromises user privacy, according to security firm Lookout.

St. Petersburg-based company Special Technology Center developed a series of surveillance-ware tools named Monokle, according to the Lookout report released Wednesday. The tools can be disguised in a range of trojanized apps, including encrypted messaging app Signal.

The group of malware tools can retrieve accounts and passwords, take screenshots, record calls and send text messages to attacker-specified phone numbers, among other actions.

The report said that "Monokle makes extensive use of Android accessibility services to exfiltrate data from third-party applications by reading text displayed on a device's screen at any point in time," and that an iOS version appears to be in the development process. In comments to Newsweek, Apurva Kumar, a staff security intelligence engineer at Lookout, indicated that Monokle has the potential to be used against an array of individuals.

"We do not have any direct evidence of who is using Monokle or against what targets, but the effectiveness of a surveillance tool like Monokle indicates that it could be used against any target, including government officials. In the past, Lookout has seen other mobile threats, such as Pegasus, Dark Caracal and Stealth Mango, which have utilized a variety of different attack vectors, including social engineering and phishing, to target the mobile devices of government officials, journalists, political activists, and so forth," Kumar told Newsweek in a statement sent via email.

"All of these threats include functionality to access virtually any interesting data on the device, such as photos, call logs, email and so on -- and Monokle is no different in that regard."

The report said that Lookout first noticed Monokle in 2016 and that activity is "small but consistent." The report also said that the tools have been used in targeted campaigns against people in the Caucasus region and individuals interested in Ahrar al Sham, a Syrian militant group.

Lookout's report comes just days after former special counsel Robert Mueller testified before Congress, answering questions about his conclusions in a two-year investigation into Russian meddling in the 2016 election. Russia's attempts to influence the 2016 U.S. race have generated concerns about foreign powers interfering in other elections. An AP-NORC poll last month found that 63 percent of Americans are concerned about foreign interference in the 2020 election.