Researchers have linked the surveillance tool to a Russian tech firm that has been sanctioned for interfering with the 2016 U.S. presidential election. The malware has the ability to self-sign trusted certificates to intercept encrypted SSL traffic. It can also record a phone s lockscreen activity in order to obtain passcodes, and it can leverage accessibility services to gain access to third-party apps. Monokle has likely been used to target individuals in the Caucasus regions and individuals interested in the Ahrar al-Sham militant group in Syria.
Source: https://threatpost.com/monokle-android-spyware/146655/