Monokle - Mobile Surveillanceware with a Russian Connection

RSA Conference via YouTube

Overview

Explore the highly targeted Monokle surveillanceware in this 40-minute RSA Conference session presented by Adam Bauer and Apurva Kumar from Lookout. Delve into how this sophisticated mobile surveillanceware is deployed, likely by nation-states, and how it is attributed to a Russian government contractor. Gain insights into the latest trends in advanced mobile surveillanceware development. Examine Monokle's malicious functionality, including Android API exploitation, direct app database access, Accessibility Service abuse, screen unlock recording, and trusted certificate installation. Investigate the evidence of iOS components, overlaps in signing certificates, and connections to the Special Technology Center (STC). Learn about command and control infrastructure, job postings related to the project, and indicators of compromise. Discover remediation and forensic options for addressing this threat. Suitable for those with basic knowledge of Android features, domains, IP addresses, and common security terminology.

Syllabus

Intro
Special Technology Center (STC)
Surveillanceware Prevalence
Monokle-Agent
Dates when Monokle samples were signed
Observed samples
Targets
Detected Installations
Malicious Functionality
Android APIs
Direct App Database Access
Accessibility Service Usage
Screen Unlock Recording
Trusted Certificate Install
Hooking using Xposed
User-defined words for predictive text input
C2 Communication (Outbound TCP)
C2 Communication (SMS)
Thrift - Defining Interfaces
Thrift - Generating Code
Evidence of iOS components - GetKeychain/SetKeychain
Evidence of iOS components - Apns Registration
Overlap in signing certificates for Monokle and STC's APKs
Overlap in signing certificates with an STC employee's personal Android project
Android Software Development Projects by STC
Command and Control Infrastructure overlap
Job Postings
Developer, researcher ANDROID/IOS
Indicators of Compromise
Remediation and Forensic Options
Mobile Surveillanceware Trends
RSA Conference 2020 San Francisco February 24-28 Moscone Center

Taught by

RSA Conference
