Cybercrime Group Uses Christmas-Themed Apps to Spy On User's Device


For those who are not yet aware, Santa-APT is a new cybercrime syndicate that developed malware to spy on its targets using Christmas-themed desktop and mobile apps. The group was first discovered by CloudSek, a SaaS-based security vendor that was initially monitoring a hacking group peddling a trojan on the black market. They first discovered that this trojan targeted desktop devices and included fairly advanced exfiltration capabilities, along with support for air-gapped systems (via USB drives).

The trojan is capable of stealing files from the local computer and taking screenshots. CloudSek also took the time to follow through on its investigation and uncovered that the trojan was sending all stolen data to a particular C&C server. The company's security researchers nonetheless breached the server and discovered that its operators had amassed more than 120GB of stolen data.


They also discovered that for each victim, the trojan would create a separate folder on the C&C server, to which it sent that victim's data. Each folder also included two directories for voice recordings and keylogger data. CloudSek researchers claim, however, that no such functionality exists in the trojan, so for now the malware still seems to be a work in progress.

They also tracked down the server's operators and found that the server was rented by a company from South Asia, which they have so far declined to name and refer to only as Santa-APT. From their subsequent investigation, they found that the company was diversifying its activities and was busy hiring mobile developers.


They further revealed a piece of mobile malware linked to the same company. The malware had advanced spying capabilities and was distributed via Christmas-themed applications on both the Android and iOS platforms, though CloudSek did not reveal the names of the apps.

According to their analysis, this mobile malware was capable of stealing contact lists, SMS messages, call records, location info, calendar data, media files, browser history, SIM card details and even phone details. Additionally, the mobile malware was also able to tap into the phone's microphone and camera to make environment recordings.

CloudSek security researchers detected around 8,000 such infections, and also tracked down the mobile malware's backend panel. For now we are still contacting CloudSek about the name of the company, other important details about them and the names of the infected apps.
