A new, highly complex piece of malware, classified as an "advanced persistent threat" much like the recently discovered Regin, has been found in the wild by Kaspersky Lab and Blue Coat. Kaspersky is naming it "Cloud Atlas," while Blue Coat calls it "Inception."
Both companies believe it comes from the makers of the Red October espionage malware, which targeted high-level executives in the oil and financial industries as well as government officials. The new malware has the same type of targets in its sights, and it has been found in the same countries. Russia and Kazakhstan are the most heavily targeted, but India, Belarus, the Czech Republic, Romania, Venezuela, Mozambique, Paraguay and Turkey are also on the list of countries where Cloud Atlas/Inception infections have been found.
Cloud Atlas/Inception has infected Android, iOS, Windows Phone and BlackBerry devices (the BlackBerry infections came through Android apps), as well as desktop Windows. On mobile, the malware arrives disguised as a WhatsApp update; on the desktop, it arrives as a Visual Basic script embedded in a booby-trapped document sent as an email attachment, which runs when the recipient opens the document. The attackers control the malware through free accounts on CloudMe, a Swedish cloud storage provider, so command-and-control traffic blends in with ordinary cloud-sync traffic.
The malware's origins are heavily obfuscated. Its code contains "breadcrumbs" that led the researchers to multiple countries and regions, including China, South Korea, Russia, India, Eastern Europe, Ukraine, the Middle East, the UK and even the U.S. Whoever built it wanted to make it very difficult for anyone to pinpoint their location, so none of these clues should be read as attribution.
Blue Coat advises administrators to look for unauthorized WebDAV traffic (the protocol the malware uses to talk to its CloudMe accounts) and for "regsvr32.exe" remaining constantly resident in the process list, since that utility normally runs only briefly to register a DLL and then exits. Users should also be wary of emails carrying RTF documents and of MMS messages telling them to update certain apps.
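As an added example (not code from the article, Blue Coat or Kaspersky), the following script turns those two indicators into checks that can be run over exported logs: WebDAV-method requests to hosts outside an allowlist or from processes that should never speak WebDAV, any network activity at all from regsvr32.exe, and regsvr32.exe processes that stay resident across several process-list snapshots. The proxy log lines and process snapshots are constructed for the demonstration; the sanctioned-host and expected-client allowlists, the `webdav.cloudme.com` hostname and the log formats are assumptions you would replace with your own environment's.

```python
"""Triage checks for the Cloud Atlas/Inception indicators the article lists.
Added example; log formats, hostnames and allowlists are assumptions."""
import re
from datetime import datetime

# RFC 4918 methods that only a WebDAV client has any business sending.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
# Assumption: the organisation's sanctioned WebDAV servers (hypothetical name).
SANCTIONED_DAV_HOSTS = {"example-files.local"}
# Assumption: the only processes expected to speak WebDAV on managed hosts.
EXPECTED_DAV_CLIENTS = {"explorer.exe", "onedrive.exe", "svchost.exe"}

# Constructed proxy log: timestamp, source host, originating process, method, URL.
PROXY_LOG = """\
2014-12-10T09:01:12Z ws-017 winword.exe GET https://update.example-corp.local/patch.cab
2014-12-10T09:02:40Z ws-017 regsvr32.exe PROPFIND https://webdav.cloudme.com/user123/
2014-12-10T09:02:41Z ws-017 regsvr32.exe PUT https://webdav.cloudme.com/user123/a1b2.bin
2014-12-10T09:15:03Z ws-042 onedrive.exe PROPFIND https://example-files.local/dav/
2014-12-10T09:20:11Z ws-017 regsvr32.exe PROPFIND https://webdav.cloudme.com/user123/
"""

# Constructed process-list snapshots taken every five minutes: timestamp, host, pid, image.
PROC_SNAPSHOTS = """\
2014-12-10T09:00:00Z ws-017 4120 regsvr32.exe
2014-12-10T09:00:00Z ws-017 2204 winword.exe
2014-12-10T09:05:00Z ws-017 4120 regsvr32.exe
2014-12-10T09:05:00Z ws-042 5588 regsvr32.exe
2014-12-10T09:10:00Z ws-017 4120 regsvr32.exe
2014-12-10T09:10:00Z ws-017 2204 winword.exe
"""

PROXY_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\S+) (?P<method>[A-Z]+) (?P<url>\S+)$"
)


def parse_proxy_line(line):
    """Parse one constructed proxy log line; returns None for lines that do not match."""
    m = PROXY_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # Destination host only: strip the scheme, cut at the first slash, normalise case.
    rec["dest"] = re.sub(r"^https?://", "", rec["url"]).split("/", 1)[0].lower()
    return rec


def find_proxy_alerts(log_text):
    """Return (timestamp, host, process, destination, reasons) for suspicious requests."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_proxy_line(line)
        if rec is None:
            continue
        proc = rec["proc"].lower()
        reasons = []
        if rec["method"] in WEBDAV_METHODS and rec["dest"] not in SANCTIONED_DAV_HOSTS:
            reasons.append("webdav-to-unsanctioned-host")
        if rec["method"] in WEBDAV_METHODS and proc not in EXPECTED_DAV_CLIENTS:
            reasons.append("webdav-from-unexpected-process")
        # regsvr32.exe registers DLLs; it has no legitimate reason to reach the network.
        if proc == "regsvr32.exe":
            reasons.append("regsvr32-network-activity")
        if reasons:
            alerts.append((rec["ts"], rec["host"], rec["proc"], rec["dest"], tuple(reasons)))
    return alerts


def find_resident_regsvr32(snapshot_text, min_lifetime_s=300):
    """Return (host, pid, observed lifetime in seconds) for regsvr32.exe processes seen
    alive for at least min_lifetime_s. A one-off registration appears in a single
    snapshot; a loader that keeps running spans many. Caveat: PID reuse between
    snapshots can merge two short-lived processes, so confirm with process start times."""
    first_seen, last_seen = {}, {}
    for line in snapshot_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3].lower() != "regsvr32.exe":
            continue
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        key = (parts[1], int(parts[2]))
        first_seen.setdefault(key, ts)
        last_seen[key] = ts
    resident = []
    for key in first_seen:
        lifetime = int((last_seen[key] - first_seen[key]).total_seconds())
        if lifetime >= min_lifetime_s:
            resident.append((key[0], key[1], lifetime))
    return sorted(resident)


if __name__ == "__main__":
    for alert in find_proxy_alerts(PROXY_LOG):
        print("PROXY", *alert)
    for host, pid, lifetime in find_resident_regsvr32(PROC_SNAPSHOTS):
        print(f"RESIDENT regsvr32.exe on {host} pid {pid} alive >= {lifetime}s")
```

On the constructed data the proxy check flags the three regsvr32.exe requests (the two PROPFINDs for all three reasons, the PUT for the regsvr32 rule alone) and leaves the sanctioned OneDrive-to-file-server WebDAV session alone, while the process check reports only the ws-017 instance that survived three consecutive snapshots. The lifetime threshold is deliberately a parameter: tune it to your polling interval, and treat a hit as a lead for pulling the binary and its network connections rather than as a verdict.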
The usual recommendations for keeping devices safe also apply: stay up to date, don't install apps from untrusted sources, and don't root or jailbreak devices. Doing so removes the platform's sandboxing and gives you full control, and therefore gives the same full control to any malware that lands on the device.