Santa APT, 3 Minute Profile

Santa APT achieved this name because some of their malware masqueraded as Santa Claus applications, steals intellectual property for economic gain. Cloudsek believes that the malware developers are located in South Asia. Santa APT came to the attention of security professionals who noticed them selling information stealer malware, capable of jumping air gapped systems, on underground markets. The attackers were using the malware to steal classified data from software companies and government organizations. The malware collects files and screenshots and stores them in hidden files on any connected USB device. When the device is connected to an internet enabled system, the data is sent back to command and control infrastructure located in Germany. Empty voice recording and key log files on the C2C servers suggest that the malware is still under development. Cloudsek claims to have found the malware attributed to the group masquerading as Santa Claus mobile games, which had infected about 8000 systems. The malware stole contact lists, SMS messages, call records, location information, calendars, pictures, video, environment readings, camera specifications, browser history, program information, sim card information, and device status.