New APT has Wide Range of Targets

Tuesday, December 22, 2015 @ 03:12 PM gHale

An unnamed South Asian software development consulting firm that creates software for employee monitoring apparently is trying its hand at being an APT player, researchers said.

“The targets of this APT are so diverse, ranging from government officials, high profile individuals to engineers from technology companies,” said CloudSek CTO Rahul Sasi in a blog post.

The group, called Santa APT, is targeting software companies and individuals around the world, looking for and exfiltrating confidential information with the help of two distinct pieces of malware it has created.

The first is desktop malware that hides on the target computer, collects files and screenshots, and sends them to the attacker’s servers.

The malware can also collect data from air-gapped systems with the help of a USB module.

The module copies important data from an infected system to a USB device, then sends the data out when the device reaches an infected system that has Internet access.

The second piece of malware targets Android devices. It is bundled in various Christmas-themed games and apps and offered for download online.

The permissions these apps ask for are extensive and some users could view them as “too much,” but apparently at least 8,000 users have decided to grant them and install one of these apps.

The researchers managed to access the control panels on the C&C servers for both threats and discovered that the mobile malware collects the following information and exfiltrates it to the servers: the user’s contacts, text messages, call records, location info, calendar contents, photos and videos, browser history and more.
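
A defender can check for the over-broad permission requests described above by reading a decoded AndroidManifest.xml and reporting which of the listed data categories the app could reach. This is an added example, not code from the researchers or the article; the category-to-permission mapping, the threshold, and the sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
INTERNET = "android.permission.INTERNET"

# Data categories named in the article, mapped to the Android permissions
# that gate them. The mapping is an assumption of this example.
CATEGORY_PERMS = {
    "contacts": {"android.permission.READ_CONTACTS"},
    "text messages": {"android.permission.READ_SMS"},
    "call records": {"android.permission.READ_CALL_LOG"},
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "calendar": {"android.permission.READ_CALENDAR"},
    "photos and videos": {"android.permission.READ_EXTERNAL_STORAGE"},
    "browser history": {"com.android.browser.permission.READ_HISTORY_BOOKMARKS"},
}

def requested_permissions(manifest_xml):
    """Return the permission names a decoded AndroidManifest.xml requests."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def audit(manifest_xml, threshold=4):
    """Flag apps that can read many sensitive categories and reach the network.
    threshold is an arbitrary triage cut-off, not a value from the article."""
    perms = requested_permissions(manifest_xml)
    exposed = sorted(c for c, gate in CATEGORY_PERMS.items() if perms & gate)
    return {"categories": exposed,
            "flag": INTERNET in perms and len(exposed) >= threshold}

def sample_manifest(perms):
    """Build a constructed manifest for a hypothetical package."""
    uses = "".join('<uses-permission android:name="%s"/>' % p for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="com.example.holidaygame">%s<application/></manifest>' % uses)

# Constructed inputs: a game asking for far more than a game needs, and a benign one.
GAME = sample_manifest([INTERNET] + [sorted(CATEGORY_PERMS[c])[0] for c in
       ("contacts", "text messages", "call records", "location", "calendar")])
BENIGN = sample_manifest([INTERNET, "android.permission.VIBRATE"])

if __name__ == "__main__":
    for label, manifest in (("game", GAME), ("benign", BENIGN)):
        print(label, audit(manifest))
```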