Political activists connected to the Syrian civil war are launching cyber attacks using remote access tools (RAT), according to security firm Kaspersky.
Shock videos, fake security software and instant messaging are said to be used by hackers to spread the viruses, with attackers operating from Syria, Russia and Lebanon.
Kaspersky's global research and analysis team said: "The threat actors are becoming more organized, the number of attacks is increasing and the samples being used are becoming more sophisticated, while also relying extensively on powerful social engineering tricks that many people fall for."
It added that a leaked paper allegedly from Syrian president Bashar al-Assad's regime warning military units of chemical attacks is also used to spread viruses by email.
Victims are said to number more than 10,000, with some of the malicious files being downloaded in excess of 2,000 times. Recipients live throughout the Middle East, but also further afield in France, Morocco and the US.
"The victims infected when accessing the hacked forums and social networking sites tend to be ordinary users or activists, or specific targets if they receive the malware via email, Skype, or messages on social networking sites," Kaspersky added.