
Red October Malware Comes Back To Infect Windows Phones, Android, And Jailbroken iPhones

A new, highly complex piece of malware, classified as an advanced persistent threat (APT) much like the recently discovered Regin, has been found in the wild by Kaspersky Lab and Blue Coat. Kaspersky calls it "Cloud Atlas," while Blue Coat calls it "Inception."

Both companies believe it comes from the makers of Red October, the espionage malware that targeted high-level executives in the oil and financial industries as well as government officials. The new malware has the same kind of targets in its sights, and it has been found in the same countries. Russia and Kazakhstan have been hit hardest, but India, Belarus, the Czech Republic, Romania, Venezuela, Mozambique, Paraguay and Turkey are also on the list of countries where Cloud Atlas/Inception infections have been found.

Cloud Atlas/Inception has components for Android, jailbroken iOS devices, Windows Phone and BlackBerry (the last through Android apps), as well as for desktop Windows. On mobile, the malware arrives as a fake WhatsApp update; on the desktop, it is delivered by a Visual Basic script dropped from malicious documents sent as email attachments. The attackers control infected machines through free accounts on the Swiss cloud storage provider CloudMe.

The malware's origin is heavily obfuscated. Its code contains "breadcrumbs" that led the researchers to multiple countries and regions, including China, South Korea, Russia, India, Eastern Europe, Ukraine, the Middle East, the UK and even the U.S. Whoever built it wanted to make it very difficult for others to pinpoint their location.

Blue Coat advises administrators to look out for unauthorized WebDAV traffic and for "regsvr32.exe" staying resident in the process list. Users should also be wary of emails carrying RTF documents and of MMS messages telling them to update certain apps.
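The two indicators above can be turned into a simple triage check. The script below is an added example, not code from the article or from Blue Coat's report: it flags a regsvr32.exe process that stays resident longer than a threshold (regsvr32 is a one-shot DLL registration tool, so a long-lived instance is suspicious) and WebDAV traffic to hosts that are not on an approved list, recognising WebDAV either by its RFC 4918 methods or by the user agent of the built-in Windows WebDAV client. The process snapshot, the proxy log lines, the host names and the 60-second threshold are all constructed for the example and are assumptions, not values from the page.

```python
import shlex
from dataclasses import dataclass
from urllib.parse import urlparse

# HTTP methods defined by WebDAV (RFC 4918); ordinary web browsing never uses them.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}
# User-Agent sent by the Windows WebDAV client (WebClient service / MiniRedir).
WEBDAV_UA_MARKER = "Microsoft-WebDAV-MiniRedir"
# Assumption: a legitimate DLL registration finishes within seconds.
REGSVR32_MAX_SECONDS = 60


@dataclass(frozen=True)
class Proc:
    pid: int
    name: str
    uptime_s: int
    cmdline: str


def resident_regsvr32(procs, max_seconds=REGSVR32_MAX_SECONDS):
    """Return regsvr32.exe processes that have stayed alive longer than max_seconds."""
    return [p for p in procs
            if p.name.lower() == "regsvr32.exe" and p.uptime_s > max_seconds]


def parse_proxy_line(line):
    """Parse a constructed proxy log line: '<ts> <src-ip> <method> <url> "<user-agent>"'."""
    ts, src, method, url, ua = shlex.split(line)
    return {"ts": ts, "src": src, "method": method.upper(),
            "host": (urlparse(url).hostname or "").lower(), "ua": ua}


def unapproved_webdav(lines, approved_hosts):
    """Return (src, host, method) for WebDAV requests to hosts outside the approved set."""
    approved = {h.lower() for h in approved_hosts}
    hits = []
    for line in lines:
        r = parse_proxy_line(line)
        is_dav = r["method"] in WEBDAV_METHODS or WEBDAV_UA_MARKER in r["ua"]
        if is_dav and r["host"] not in approved:
            hits.append((r["src"], r["host"], r["method"]))
    return hits


# Constructed sample data (not from the page): one short-lived and one resident regsvr32.
SAMPLE_PROCS = [
    Proc(412, "svchost.exe", 86400, "svchost.exe -k netsvcs"),
    Proc(2210, "regsvr32.exe", 3, "regsvr32.exe /s vendor.dll"),
    Proc(3188, "regsvr32.exe", 7200, "regsvr32.exe /s C:\\Users\\Public\\x.dll"),
]

# Constructed proxy log; host names are placeholders, not real CloudMe endpoints.
SAMPLE_PROXY_LOG = [
    '2014-12-10T10:03:11Z 10.0.0.5 GET https://www.example.com/ "Mozilla/5.0"',
    '2014-12-10T10:03:40Z 10.0.0.5 PROPFIND https://webdav.cloudme.example/ "Microsoft-WebDAV-MiniRedir/6.1.7601"',
    '2014-12-10T10:04:02Z 10.0.0.8 PROPFIND https://dav.corp.example/ "Microsoft-WebDAV-MiniRedir/6.1.7601"',
    '2014-12-10T10:05:15Z 10.0.0.5 PUT https://webdav.cloudme.example/out.bin "Microsoft-WebDAV-MiniRedir/6.1.7601"',
]
APPROVED_WEBDAV_HOSTS = {"dav.corp.example"}  # assumption: the corporate file share


def triage():
    """Run both checks over the sample data and return the findings."""
    return {
        "resident_regsvr32": [p.pid for p in resident_regsvr32(SAMPLE_PROCS)],
        "unapproved_webdav": unapproved_webdav(SAMPLE_PROXY_LOG, APPROVED_WEBDAV_HOSTS),
    }


if __name__ == "__main__":
    for finding, value in triage().items():
        print(finding, value)
```

On the sample data the resident regsvr32.exe (pid 3188) and the two requests from 10.0.0.5 to the unapproved WebDAV host are reported; the PUT is caught by the user agent even though PUT is not a WebDAV-only method, while the PROPFIND to the approved corporate share is ignored. In a real deployment the process snapshot would come from an EDR or `tasklist`-style export and the log lines from the proxy, and the approved-host list should be maintained as an allowlist rather than a blocklist.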

The usual recommendations for keeping devices safe also apply: stay up to date, don't install apps from untrusted sources, and don't root or jailbreak devices, since the full control that gives you is also handed to any attacker.


Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • webdev511
    I'm calling BS with the Title and Story because neither of the sources says anything about Windows Phone being susceptible.
    Reply
  • iam2thecrowe
    I'm calling BS with the Title and Story because neither of the sources says anything about Windows Phone being susceptible.
    that and "obfuscated" sounds like a made up word?
    Reply
  • alextheblue
    that and "obfuscated" sounds like a made up word?
    You know, five seconds with a search engine would have saved you from a slightly embarrassing post. ;)
    Reply
  • alextheblue
    I'm calling BS with the Title and Story because neither of the sources says anything about Windows Phone being susceptible.

    Even if it was susceptible it doesn't seem like it would be likely to happen very often. I don't even know anyone that runs an unlocked WP device. It generally isn't necessary... it runs well in stock form even on lowend devices. Also, you can take an unmodified WP device and uninstall carrier/manufacturer apps. Developers can get their phones unlocked, of course. But I doubt they'd be installing random unknown apps from an untrusted source.
    Reply
  • iam2thecrowe
    14800152 said:
    that and "obfuscated" sounds like a made up word?
    You know, five seconds with a search engine would have saved you from a slightly embarrassing post. ;)

    I'm not embarrassed. I'm sure most people would need to do the search to find out what the word means, I just couldn't be bothered as I don't think there would be a reason to ever use the word, nor have I ever heard anyone use it previously. The writer of the article should use less obfuscating words.....
    Reply
  • Flying-Q
    It is precisely that refusal to bring less used words into more common use that is reducing people's familiarity with the wider lexicographical content of the English language. We are all worse off for that lack of precision in communication. 'Obfuscated' has an implied choice by the obfuscator to hide a thing where 'hidden' does not imply that choice.
    Reply
  • phillipnolan
    Willful ignorance in the face of a threat. That is just plain frightening. No one is even fighting entropy any more.
    Reply
  • hotwire_downunder
    @ iam2thecrowe

    You are cretinous

    See..? That took me just a 10 second search on thesaurus.com and I learned a new word today!
    Reply
  • chenw
    Is it just me or is there no one who suspects the reason why only jailbroken and non-iPhones are susceptible?
    Reply