Thursday, August 9, 2012

New nation-state malware named Gauss discovered

Kaspersky has put out a report on what I would refer to as a "child analogue" of the Stuxnet, Duqu, and Flame malware, dubbed "Gauss." For a condensed synopsis of the report, head here: Gauss: Nation-state cyber-surveillance meets banking Trojan. The trojan attempts to gather as much information from the infected computer as possible, and also attempts to steal banking credentials (an unusual feature for malware of this kind). Gauss is most prevalent, so far, in Lebanon, and its financial credential theft appears to be targeted at specific Lebanese banks. It has also been found in Israel and Palestine, but is surprisingly absent from Iran. Per the Kaspersky report:

Gauss is designed to collect information and send the data collected to its command-and-control servers. Information is collected using various modules, each of which has its own unique functionality:
► Injecting its own modules into different browsers in order to intercept user sessions and steal passwords, cookies and browser history.
► Collecting information about the computer’s network connections.
► Collecting information about processes and folders.
► Collecting information about BIOS, CMOS RAM.
► Collecting information about local, network and removable drives.
► Infecting USB drives with a spy module in order to steal information from other computers.
► Installing the custom Palida Narrow font (purpose unknown).
► Ensuring the entire toolkit’s loading and operation.
► Interacting with the command and control server, sending the information collected to it, downloading additional modules.
I find it very interesting that a nation-state sponsored piece of malware would exfiltrate financial data, simply because it would be impossible to limit the scope of the malware to only malicious actors (or whomever the malware was actually intended for). Then again, everything else the trojan does is criminal under US (and most international) law (data exfiltration, unauthorized access, etc.), so tacking on international banking fraud probably doesn't matter at this point.
