Monokle - Mobile Surveillanceware with a Russian Connection

Explore the highly targeted Monokle surveillanceware in this 40-minute RSA Conference session presented by Adam Bauer and Apurva Kumar from Lookout. Delve into the sophisticated mobile surveillanceware's deployment methods, likely by nation-states, and its attribution to a Russian government contractor. Gain insights into the latest trends in advanced mobile surveillanceware development. Examine Monokle's malicious functionality, including Android API exploitation, direct app database access, Accessibility Service abuse, screen unlock recording, and trusted certificate installation. Investigate the evidence of iOS components, overlaps in signing certificates, and connections to the Special Technology Center (STC). Learn about command and control infrastructure, job postings related to the project, and indicators of compromise. Discover remediation and forensic options for addressing this threat. Suitable for those with basic knowledge of Android features, domains, IP addresses, and common security terminology.