Espionage malware the Mask is surprisingly old fashioned

Security

by Jimmy Nicholls| 12 June 2014

Have hackers from the 90s made a comeback?

A family of espionage malware described by Kaspersky as one of the "most advanced global cyber-espionage operations to date" has been found to use old fashioned techniques to harm its victims.

IT security firm Context discovered that the Mask, also known as Careto, infects the first executable that loads as Windows boots, a trick "plucked out of the history books" that gives hackers control of an operating system's security.

Kevin O'Reilly, a senior researcher at Context, said: "This discovery seems to suggest that old tricks are sometimes the best and also begs the question; is this a nod of respect to the virus writers who wreaked havoc in the 90s or have they come out of retirement to develop a new nation-state cyber-weaponry arsenal?"

The use of a "bootkit" to attack an operating system before it has loaded makes the Mask "a very potent weapon", but Context believe this style of attack has been neglected by the security industry.

The Mask also has the ability to record keystrokes, intercept Skype calls and interfere with wireless activity, and hackers can use it to steal encryption keys as well.

"Now that it has been discovered, anti-virus vendors have added detection to their products so it is no longer a real risk," O'Reilly said.

"The historical attack vector was targeted phishing emails or spear phishing with infected attachments, but is unlikely that this is still happening using this specific toolset.

"What is unclear is whether this is a one off or a trend to watch out for."

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.
Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.