Mask malware takes aim at governments and activists
- Published
Sophisticated malware aimed at governments and finance firms was probably created by a nation state, say security researchers.
Mask was uncovered by Kaspersky Labs and the code is thought to have been targeting victims for seven years.
The software is among the "most advanced threats" the company has ever seen, it said in a lengthy analysis, external.
The web-wide activities of Mask stopped last week soon after Kaspersky revealed its existence.
Language link
Kaspersky said Mask had hit targets in 31 countries and infected more than 380 separate organisations and businesses.
It used a variety of techniques to compromise machines and, in some cases, its creators seem to have bought undocumented vulnerabilities in software in order to penetrate some targets.
Different versions of Mask were prepared by its creators so no matter what operating system people used, be it Windows, Apple iOS or Linux, they were vulnerable. Kaspersky said it also suspected that versions of Mask were available that could attack Android or Apple smartphones.
The software gets its name from the regular appearance of the Spanish word for mask (Careto) in its core code. Other hints in the code suggest it originated in a Spanish-speaking nation.
Kaspersky said it suspected Mask was created by a nation state to help it spy but declined to speculate about which country was behind it.
Top of the target list were organisations in Morocco but institutions and companies in Brazil, the UK, France and Spain and many other nations were also caught out.
As well as governments and private equity firms, other victims included embassies, oil and gas companies, activist groups and research labs. Once it managed to infect a system, the virus stole documents, encryption keys, private network credentials and remote access information.
Soon after Kaspersky uncovered Mask it took action with other computer firms to shut 90 of the command-and-control systems keeping it running.
So far, said Symantec security researcher Liam O'Murchu, it was not clear who was behind Mask or what they were after.
"Just looking at the targets, it is not obvious who would want to target them; there is no obvious pattern," he told Reuters.
"The code is professionally written, but it's even difficult to say whether is it written by a government or by a private company that sells this type of software."
- Published5 February 2014
- Published9 October 2013
- Published3 February 2014