A Russian defence contractor accused of supporting cyber-attacks has developed sophisticated software to spy on smartphones, an American security company said.
St. Petersburg-based Special Technology Center (STC) developed code aimed at a small number of targets, including a rebel militia in Russian-allied Syria, security firm Lookout said in a report.
Lookout, specialising in securing mobile devices against cyber-attacks, detected samples of the malware aimed at phones running Google’s Android almost a year ago.
It declined to say whether the samples were found on user phones or where the attacks were detected.
The United States and other Western countries accuse the Russian government and companies working on its behalf of cyber-attacks against organisations worldwide.
The Kremlin repeatedly denied the allegations it maintains are not supported by evidence and did not respond to a request for comment on Lookout’s findings.
STC did not respond to a request for comment either.
Investigators at Lookout, headquartered in San Francisco and producing mobile security software for US government agencies and consumers, said the spyware was named Monokle after a term in the code.
Monokle can be remotely operated and communicates with an Internet Protocol address used to send commands to STC defensive software.
“Monokle is an advanced and full-featured surveillanceware which implements several features we haven’t seen before to capture data,” Lookout said in a statement to Reuters.
The programme can be installed on devices in multiple ways, including corrupted versions of popular apps. In some cases, it installed certificates allowing it to intercept encrypted internet traffic.
It also attempted to capture user codes for unlocking devices.
The United States sanctioned STC and two companies in 2016 for engaging in “malicious cyber-enabled activities,” including providing support to Russian military intelligence agency. STC is better known for manufacturing drones and other equipment for the Russian military.
Spyware aimed at phones is a varied and competitive field, with sophisticated versions like Monokle sold to national governments, turnkey hacking services sold to police and cheap “spouseware” sold to individuals tracking romantic partners or family members, often illegally.
Vendors at all levels suffered hacks in recent years, including some who sold high-end tools to the West, by anonymous people claiming to act for moral reasons. Russia is accused by US authorities of stealing hacking tools from American agencies.