Date: 2019-07-26

A Canada-based cybersecurity company, Lookout, has recently found Android spyware lurking in fake apps that mimic Pornhub, Google Play, Evernote, and other popular Android apps.

The company has alleged that the spyware was created by one of the surveillance providers frequently utilised by the Russian government.

Researchers from Lookout have claimed in a report that the source of the malware-ridden apps was Special Technology Center (STC), a Russian defence contractor and developer of the tool Monokle.

STC previously made headlines when it was hit with sanctions over the 2016 US election hacks.

The researchers claimed that the fake apps used Monokle to gain sensitive user information. Monokle can record a device’s screen during a screen unlock event, allowing it to compromise a user’s PIN, pattern or password, they said.

The malware has been targeting Android phones since 2016, but saw a spike in activity last year. According to Lookout’s report, “Monokle appears in a very limited set of applications, which implies that attacks using Monokle are highly targeted. Many of these applications are trojanized and include legitimate functionality, so user suspicion is not aroused. Lookout data indicates that this tool is still being actively deployed.”

The report claimed that Monokle was likely to be targeting English speakers, people interested in the Ahrar al-Sham militant group in Syria, and individuals residing in the Caucasian region. However, according to Adam Bauer, senior staff security intelligence engineer at Lookout, it would be impossible to identify the specific group of English speakers who are being targeted, given the popularity of the fake apps.

Bauer was also unable to explain how the targets were being conned into downloading the fake apps. Lookout confirmed that both Apple and Google had been made aware of the findings.

While Forbes claimed that Apple had not responded, Google stated that the fake apps were not hosted on its official platform, the Play Store.

Android users should receive a Google Play Protect warning if malware is detected on a device.