According to Threatpost, another new malicious Android app – dubbed “Monokle”- is gaining attention. While Monokle has some interesting capabilities (e.g., making extensive use of Android accessibility services to exfiltrate data and predictive-text dictionaries to understand a target’s interests), it is still basically another malicious app.
Monokle is a highly-targeted malicious app (Monokle has been detected in a small set of Android apps that are only of interest to a select few peoples and regions), but media attention often drives security teams to raise the question: am I protected?
If you don’t have an enterprise mobile threat defense (MTD) solution, the answer is almost certainly “no.” For Zimperium customers, the answer is “yes”… just like it has been with other malicious apps – like Agent Smith – which we have posted about recently.
Our platform leverages our award-winning, disruptive and patented machine learning-based engine, z9, to protect mobile data, apps and sessions against device compromises, network attacks, phishing attempts and malicious apps.
The Monokle malware has the ability to self-sign trusted certificates to intercept encrypted SSL traffic, record a phone’s lock screen activity in order to obtain passcodes, and leverage accessibility services to gain access to third-party apps.
Candidly, it’s not surprising to find malware on Android phones. The reality is, Apple’s practice of vetting apps and developers, as well as its prohibition of third-party app stores, has resulted in it having about one-tenth the amount of malware on its iOS operating system as Google does on the Android operating system.
For anyone wanting to learn more about the risks and threats associated with mobile devices, networks, apps and phishing, please watch our on-demand webinar, “State of Enterprise Mobile Security.”