Posted: December 12, 2019

Krampus-3PC is a peculiar piece of malware that operates entirely online and leaves no files on the devices it compromises. Another unusual trait of this malware family is that it performs several checks to determine the maker of the device that landed on the infected page; this ensures that only Apple users are affected, while Android users are skipped. It is not clear where the threat actor behind Krampus-3PC originates from, nor are there any clues as to why they target Apple devices exclusively.

The Krampus-3PC malware targets mobile devices only, and the attack begins when the user lands on a malvertising page that is typically promoted through a legitimate advertising network. The threat actor behind Krampus-3PC appears to have used legitimate means to get advertising networks to display their content, and then added the malicious code at a later stage, which allowed them to bypass the security measures implemented by online advertisers. Allegedly, Krampus-3PC's code may be found on hundreds of online newspapers, news sites and blogs.

The Krampus-3PC Malware Harvests Personal Details and Tries to Collect Session Cookies

Users who land on pages laced with Krampus-3PC's code may experience multiple redirects that take them to websites hosting unsafe code meant to display a phishing page designed to harvest login credentials. Krampus-3PC also may display a fake 'grocery store reward' alert, which prompts users to enter personal details in order to collect their winnings. The information the attackers ask for includes the user's phone number, names, address, email and additional details. Users who supply their phone number to the attackers may start receiving phishing text messages whose purpose is to harvest the user's login credentials.

The methods that the Krampus-3PC malware uses to determine the device's make and model are certainly innovative, and the threat actor's ability to bypass the security measures implemented by online advertising networks is impressive. This might mean that the Krampus-3PC malware is the project of an experienced group of criminals rather than a single individual.

Protecting your Apple devices from this threatening campaign can be complicated, since no files are involved in the attack. It is recommended to be extra wary of websites that offer free rewards and prizes, and to avoid entering your personal data on unknown websites.