![]() ![]() So it sounds like they are kind of looking towards, you know, maybe more trusted applications as a, like a platform to be distributed is that where you’re seeing?Īpurva Kumar: For Monokle specifically I have to say that we don’t exactly know how. Lindsey O’Donnell Welch: Right, and that’s, I was gonna ask to kind of how they initially infected, you know, potential victims. ![]() ![]() So we usually hunt for these things using those sorts of capabilities. And then, because it’s familiar, so it gets packaged as something like, for example, Monakle was packaged as apps like Signal or Skype, so it may be a well known application, so it becomes easier for the user to want to install it, and then they get infected with the malware. Also, another technique is using trojan applications, which Monokle does use, and that’s basically they take a legitimate application, unpack it, inject some malicious functionality and then repackage it and perhaps spread it using, I don’t know, maybe some social engineering technique like phishing or something like that, and then market it to whoever or put it in front of the person who they may want to target. And when we come across something that perhaps the title or the functionality of the application is not in line with the permissions that it’s looking for, that is usually something that raises red flags. And so we start there, and we look deeper into the code. So sort of, in Android, you call them sort of dangerous permissions. So things like whether they’re accessing contacts and SMS, and video and photo. So we look for applications that have suspect capabilities. ![]() Lindsey O’Donnell Welch: What are you seeing when you’re first coming across surveillanceware? And how do you first kind of begin to start tracking it?Īpurva Kumar: Yeah, we start to look at capabilities first. And we spent quite a bit of time looking at the family trying to track down who was using it and who was developing it. But yeah, I’m very happy to speak about it here at RSA with my colleague, Adam Bauer. So it turned out to be actually a quite an exciting story, and one that was involved lots of late nights, and lots of fun. And then we were able to draw a couple of conclusions as to who the developer might be, and perhaps who it may be targeting. And with Monakle, we just happened to look at it again a few months later, when it started increasing in activity. And this happens all the time really like, we were looking for Android and iOS surveillanceware and we can happened across something. And at that time, we didn’t actually know its significance. Can you talk a little bit about what that surveillanceware is and maybe just kind of walk us through how you first discovered it?Īpurva Kumar: Sure. So Monakle is is a professionally developed piece of Android surveillanceware. And Lookout had a really interesting session at the RSA conference about surveillanceware and specifically a new surveillanceware called Monokle that you had discovered. Lindsey O’Donnell Welch: Well, you’re with Lookout. It’s definitely less overwhelming and much more time to enjoy the atmosphere and the people. It’s hugely exciting to be here for only the second time. How is your RSA going?Īpurva Kumar: It’s going pretty well. Lindsey O’Donnell Welch: Hi, everyone, this is Lindsey O’Donnell Welch with Threatpost, and I’m here today at the RSA conference joined by Apurva Kumar. For a lightly edited transcript of the video see below. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |