Santa-APT: Android and Blackberry Malware Technical Analysis Part 2

CloudSek is an artificial intelligence technology-based risk management enterprise, which focuses on customized, intelligent security monitors.

CloudSek’s SaaS-based products help a client assess security in real time from the perspective of an attacker, 24x7. Our monitors track our client’s various Internet-based resources for potential security risks. Instead of using traditional static threat detection engines and a manual verification process, our monitors use Machine Learning and Artificial Intelligence to identify threats.

The blog is an analysis of some critical information CloudSek acquired from our data partner.

At CloudSek we monitor and attribute all potential threats that affect cloud services. In our previous blog we wrote about a group of attackers, code-named Santa-APT, that was functioning as a cyber crime unit as well as an APT. This team targeted cloud service vendors as well.

The Santa-APT team had multiple games and apps on the Play Store as well as other Android markets. These games never had all the permissions required for full data theft. The actual malware payloads came as updates. They had not only Android malware but BlackBerry versions too. In this blog we will provide more technical details regarding their payloads.

Crimeware / APT Malware Masquerade as Santa Claus and Christmas Apps

Overview:

CloudSek monitors were researching the activities of an APT (advanced persistent threat) that is targeting software companies globally. What is interesting is that this APT appears to conduct widespread intellectual property theft for economic gain, target individuals, and perform intelligence gathering that would be useful for governments. Based on our analysis, the attackers have recently launched campaigns targeting the Christmas season. The malware masquerades as Santa Claus and many similar Christmas apps.