Cybercriminals are increasingly distributing decoy versions of popular applications such as Skype and Signal that carry surveillance software. Apurva Kumar, a security intelligence engineer, said that one of the surveillance software families found using this strategy is Monokle, a complex set of custom Android surveillance tools. Kumar said she expects the sophistication of threat actors distributing surveillance software to keep increasing in 2020, especially as they rely more on device exploits. According to Kumar,
“Threats are starting to move away from the simple installation of applications and starting to move more onto the device and device exploitation side. So definitely, as always, there will always be an increase in sophistication and complexity of these actors as they try to find new and novel ways of getting onto their targets’ device.”
At the RSA Conference, Kumar’s team shared findings on surveillance software, in particular a new family called Monokle that they discovered. Monokle is professionally developed Android surveillance software. The team first encountered it in early 2018 and did not, at the time, recognize its significance. That is a common situation: because they are constantly hunting for Android and iOS surveillance software, they come across many samples.
One technique Monokle does use is the trojan-horse application: the operators take a legitimate application, unpack it, inject malicious functionality, and repackage it, then spread it through social engineering or distribution techniques such as phishing, either selling it to anyone or placing it in front of the targets they want to locate. Because it is packaged as something familiar, for example Monokle posing as Signal or Skype, users find it easier to trust and install, and they are then infected with the malware.
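The repackaging technique described above leaves two traces a defender can check for: the archive is re-signed with a key that is not the original developer's, and the contents differ from the vendor's build (modified code, injected dex files or native libraries). The following is an added example, not code from the article or from the Monokle analysis, that compares a suspect APK against a known-good reference build. Both archives, their entry contents and the placeholder signature blocks are constructed inline; in practice the reference would be built from the official APK obtained from the vendor.

```python
import hashlib
import io
import zipfile

# Constructed stand-in for the genuine app (placeholder bytes, not a real APK).
LEGIT_ENTRIES = {
    "AndroidManifest.xml": b"<manifest package='org.example.messenger'/>",
    "classes.dex": b"dex\n035\x00GENUINE-CODE",
    "res/layout/main.xml": b"<LinearLayout/>",
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    "META-INF/CERT.SF": b"Signature-Version: 1.0\n",
    # Stand-in for the PKCS#7 block that embeds the developer's certificate.
    "META-INF/CERT.RSA": b"PKCS7-BLOCK-SIGNED-WITH-VENDOR-KEY",
}

# Constructed trojanized copy: same package name, but classes.dex was patched,
# a second dex and a native library were injected, and the archive was
# re-signed with a different key, so the signature block changed too.
TROJAN_ENTRIES = {
    **LEGIT_ENTRIES,
    "classes.dex": b"dex\n035\x00GENUINE-CODE+INJECTED-HOOK",
    "classes2.dex": b"dex\n035\x00SURVEILLANCE-PAYLOAD",
    "lib/arm64-v8a/libhelper.so": b"\x7fELF-PLACEHOLDER",
    "META-INF/CERT.RSA": b"PKCS7-BLOCK-SIGNED-WITH-ATTACKER-KEY",
}


def build_apk(entries):
    """Write the given name -> bytes map into an in-memory zip (APKs are zips)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def digest_entries(apk_bytes):
    """Map every entry in the archive to the SHA-256 of its contents."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {name: hashlib.sha256(zf.read(name)).hexdigest() for name in zf.namelist()}


def signer_block_digest(apk_bytes):
    """SHA-256 over the v1 signature block(s) under META-INF/.

    The block embeds the signer's certificate, so re-signing with another key
    changes it; a mismatch against the pinned vendor value is the quickest
    indicator that the package was repackaged."""
    h = hashlib.sha256()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in sorted(zf.namelist()):
            if name.startswith("META-INF/") and name.endswith((".RSA", ".DSA", ".EC")):
                h.update(zf.read(name))
    return h.hexdigest()


def compare_to_reference(candidate_apk, reference_apk):
    """Report signer mismatch plus added, removed and modified content entries."""
    ref = digest_entries(reference_apk)
    cand = digest_entries(candidate_apk)
    return {
        "signer_matches": signer_block_digest(candidate_apk) == signer_block_digest(reference_apk),
        "added": sorted(set(cand) - set(ref)),
        "removed": sorted(set(ref) - set(cand)),
        # Signature files live under META-INF/ and are covered by the signer check.
        "modified": sorted(
            n for n in ref.keys() & cand.keys()
            if ref[n] != cand[n] and not n.startswith("META-INF/")
        ),
    }


def is_repackaged(report):
    """A different signer or any content change relative to the vendor build."""
    return not report["signer_matches"] or bool(report["added"] or report["modified"] or report["removed"])


if __name__ == "__main__":
    reference = build_apk(LEGIT_ENTRIES)
    for label, entries in (("vendor build", LEGIT_ENTRIES), ("suspect build", TROJAN_ENTRIES)):
        report = compare_to_reference(build_apk(entries), reference)
        print(label, "repackaged" if is_repackaged(report) else "clean", report)
```

The signer check is the cheap first pass: an attacker who does not hold the vendor's private key cannot reproduce the original signature block, so that digest alone flags a re-signed copy even before the content diff is inspected. The entry diff then tells an analyst where to look (the patched dex, the injected second dex and native library) rather than only that something changed.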
LIFARS’ Secure Code Review service helps reduce overall development costs by identifying and eliminating security gaps within an application while it is still under development. An application is only as secure as its weakest link in code, which is why starting early and removing code errors before they turn into security risks is rewarded by lower software maintenance costs. Security should be at the core of any application development process, and securing the code arguably brings the most security benefit compared to other activities.
Use of Recognized Frameworks – LIFARS’ Secure Code Review methodology adheres to recognized and well-respected industry frameworks, including OWASP Software Security Assurance Process (OSSAP), ITIL Version 3 Service Lifecycle for Application Support, ISO/IEC 27034, NIST SP 800-37/64, and others.
Automated & Manual Reviews – Our process is composed of two parts: automated and manual code reviews. We select the best automated tool, optimize its configuration, and deploy it to scan the source code statically for security vulnerabilities. The manual code review follows – our Cyber Resiliency Experts review the source code and evaluate the findings for validity.
Advanced Threat Modeling – Threat Modeling has become an essential part of the SDLC and ensures that applications under development have security built in from the beginning. It helps teams understand the specific threats an application will face and implement defensive measures. Our Cyber Resiliency Experts develop proactive Threat Models that use the attacker’s viewpoint to assess threats and document each step of the process.