CloudSek CTO Rahul Sasi claimed that a group calling itself the “Santa-APT” is hiding information-stealing malware inside Santa and other Christmas-themed mobile apps.

“Given the type of documents the attackers are seeking, it was collecting classified data from software companies and government organisations,” Sasi explained. The group was first spotted selling desktop malware on underground forums.

Once it grabs files and screenshots, it sends the info to a Command and Control center in Germany. CloudSek also discovered unused folders for keylogs and voice recordings, hinting that the trojan may still be in development.

The group is actively looking for app developers and is pushing out Christmas-themed mobile games loaded with malware. The info is then sent back to the same C&C servers in Germany.

The apps are designed to steal a variety of info including contacts, SMS, call records, location info, calendar, photos, and browser history.

“This Christmas make sure you think about security before installing an app,” he warned.

“Verify the permissions you are granting an application before accepting them. Ensure that an application has enough legitimate reviews. And last but not the least, do not let someone else install any application on your official/personal devices.”

Source: InfoSecurity