EFF and Lookout Security have published a report on a nation-state APT targeting various industries and individuals with malware. Initial infection vectors are phishing via malicious documents and IMs with links to either phishing sites or watering-hole sites that host trojanised versions of popular Android apps. A Java RAT (CrossRAT) was used for Windows/Linux/OS X victims.
No fancy 0days or exploits were used in this campaign, just good old-fashioned phishing and watering holes. This campaign underscores the importance of user education around phishing and not trusting non-official app “sites”.