Ho ho hosed: Asian biz malware pwns air-gaps, thousands of Androids
Santa game gets on Play Store, stuffs SMS, contacts into sleigh and doesn't leave pressies
CloudSek security bod Rahul Sasi says an Asian software development company is stealing sensitive defence software source code from air-gapped computers while also using a malicious Christmas app to hose thousands of Android handsets.
The penetration tester found the onslaught from an unnamed software company that was actively recruiting developers to help attack organisations.
Its malicious Android Santa game app is still hosted on the Google Play Store and is capable of stealing "basically everything" from phones, Sasi says.
It is unknown how the malware got past Google Play's bouncer security but that has been accomplished many times before.
Sasi, who operates the threat intel company, suspects it may be because the game appeared to legitimately require the permissions it requested.
He told Vulture South the separate desktop malware was hopping air-gapped machines to steal sensitive information from high-profile organisations around the world, sucking down documents and screenshots.
"CloudSek was monitoring an underground hacking team that was selling a desktop malware in various underground forums," Sasi says.
"The desktop malware is specifically designed for jumping air-gapped systems [and] targeting classified data from software companies and government organisations."
Sasi says the malware admin panel shows it will likely be upgraded with key-logging and audio recording features.
The Santa game malware is but one of a host of Christmas-themed malicious apps from the Asian p0wn house capable of stealing contacts, SMS, video and films, location data, and call and browser histories.
The admin panel hosted on German servers contains a slick interface with real-time information on stolen data from thousands of hosed users. ®