CallMe

Malware Profile Updated 3 months ago
Download STIX
Preview STIX
CallMe is a type of malware, specifically a Trojan, designed to operate on the Apple OSX operating system. It was first analyzed in February 2013 by AlienVault, who discovered that it is based on a tool called Tiny SHell, an open-source OSX shell tool available on the internet. The CallMe Trojan has been linked to cyber espionage campaigns against the Uyghur community, showcasing its potential for targeted attacks and data theft. The CallMe malware is closely related to another malicious software known as FakeM Original. Evidence of this relationship is seen in the infrastructure overlap between the two, notably through the use of the fully qualified domain name (FDQN) "googmail.org". This domain was utilized by both CallMe and FakeM samples, indicating shared resources or potentially common creators or operators. In addition to FakeM, there's also an infrastructure overlap with other Trojans such as MobileOrder and Psylo. One of these overlapping domains was used in the 2013 CallMe activity concurrently with its use for FakeM MSN samples. This suggests that the threat actors behind CallMe may have a broad reach, managing multiple malware variants and targeting diverse systems. These findings underline the importance of maintaining robust cybersecurity measures to protect against such sophisticated threats.
What's your take? (Question 1 of 4)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
MobileOrder
1
MobileOrder is a sophisticated piece of malware designed to exploit mobile devices. It operates by registering itself as a device administrator, thus preventing users from simply uninstalling it through regular settings. MobileOrder communicates with its command and control (C2) server over TCP port
Psylo
1
Psylo is a new, previously unreported Trojan malware discovered by Unit 42 during an infrastructure analysis of FakeM Custom SSL variants. The malware was named after the anagram 'hnxlopsyxt', which is the mutex created when initially running the payload. Psylo has been found to have overlaps with F
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Trojan
Malware
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
FakeMUnspecified
1
FakeM is a malware family first exposed in 2013 by Trend Micro, named for its command and control traffic mimicking Windows Messenger and Yahoo. The malware primarily operates as a Windows backdoor, used extensively by the cyber-espionage group, Scarlet Mimic. Since its exposure, FakeM has undergone
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the CallMe Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
MITRE
a year ago
Scarlet Mimic: Years-Long Espionage Campaign Targets Minority Activists