Santa Claus Malware In Christmas Apps Targeting Android, iOS, PC Users

A group of hackers have designed a malware for users looking out for Christmas themed desktops and mobile apps — The malware is targeting iOS and Android users.

The Santa-APT was discovered by CloudSek, a security firm who was researching on a malware in the black market.

Capabilities of the Malware

This newly discovered malware can steal the file from the system and can create screenshots from the desktop on its own. It also has the support for USB drives and has advanced exfiltration capabilities.

Screenshot Credit: CloudSek

Further analysis of the malware revealed the C&C server the malware was using to store all the stolen. The researchers found the malware to have gathered over 120 GB of data so far.

The Santa malware has been identified at the same time when researchers exposed Bible and Quran apps infected with spying trojan.

Work in progress

They also looked at how the malware was storing data and found that for each victim, it creates 2 folders one for storing voice recordings and other for keyloggers data. Though, currently malware doesn’t have these capabilities but it seems the developers are working on it and soon malware will be able to extract data of such nature as well.

Server from South Asia

They also found the server’s location and also the company that has rented the server to Santa-APT, but they didn’t disclose the name of the company, however, the company behind renting this server is based in South Asia.

Malware on Apple and Android stores and collects following things:

The malware also works on mobile OS such as Android and iOS, but the name of this app wasn’t disclosed.

The mobile malware is able to steal Browser History, Contacts, Camera, Call Records, Calender, Cam Shots, Change Sim Card, SMS, Environment Recordings, Program Info, Location Info, Device Status and videos.

Screenshot Source: CloudSek

Furthermore, the malware has the ability to use phone’s microphone and camera to record the surroundings.

Not enough to go on for the users

CloudSek has so far found 8000 infections from this malware and has also tracked down malware’s backend panel.


But, it’s unclear on why the firm didn’t disclose on the aspect of this malware in full as it can be useful for the users to identify the app or software which contains this malware. We hope to see the full disclosure soon.

In the meantime be careful while downloading apps this holiday season as this is the most profitable season for the cyber criminals to infect users and earn some bucks.


Related Posts