

Unveiling “Careto” – The Masked APT [pdf] - ig1
https://www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf

======
reirob
> What makes “The Mask” special is the complexity of the toolset used by the
> attackers. This includes an extremely sophisticated malware, a rootkit, a
> bootkit, 32- and 64-bit Windows versions, Mac OS X and Linux versions and
> possibly versions for Android and iPad/iPhone (Apple iOS).

> When active in a victim system, The Mask can intercept network traffic,
> keystrokes, Skype conversations, PGP keys, analyse WiFi traffic, fetch all
> information from Nokia devices, screen captures and monitor all file
> operations.

> The malware collects a large list of documents from the infected system,
> including encryption keys, VPN configurations, SSH keys and RDP files. There
> are also several extensions being monitored that we have not been able to
> identify and could be related to custom military/government-level encryption
> tools.

Edit:

> We have detected traces of Linux versions, and possibly versions for
> iPad/iPhone and Android, however we have not been able to retrieve the
> samples.

------
hobbes78
Though it is said the word comes from Spanish, I, as a Portuguese, can only
think of the pre-historic Celtic tradition... This year it happened again just
two days ago...

[http://en.wikipedia.org/wiki/Careto](http://en.wikipedia.org/wiki/Careto)

