Russian state-authored espionage malware up for sale


by CBR Staff Writer| 21 July 2014

New research claims the ‘undetected’ malware can wreak havoc.

Malware called Gyges, developed by the Russian intelligence service, has been leaked to cyber-criminals and has also been incorporated into ransomware and online banking Trojan toolkits, threat analysis company Sentinel Labs has claimed.

Gyges mainly targets Windows 7 and 8 users running 32 and 64-bit versions of the platforms.

What makes this sophisticated piece of malware worse is that it is virtually invisible and capable of operating undetected for long periods of time. It also appears to bear the hallmarks of state development.

However, Sentinel Labs' research added that with constant monitoring of endpoints, it becomes difficult for the otherwise "invisible" malware to hide or evade detection.

In his research paper, Udi Shamir, head of research at Sentinel Labs, said: "We first detected Gyges with our heuristic sensors and then our reverse engineering task force performed an in-depth analysis.

"It appears to originate from Russia and be designed to target government organisations. It comes to us as no surprise that this type of intelligence agency-grade malware would eventually fall into cybercriminals' hands."

A notable fact about Gyges is that it uses less intrusive techniques and strikes when a user is inactive, in contrast to the more common technique of waiting for user activity.

Sentinel recovered government traces inside the carrier code, which it later connected to previous targeted attacks that used the same characteristics.

"At this point it became clear that the carrier code was originally developed as part of an espionage campaign," Shamir said.

According to the research, Gyges code can be used for eavesdropping on network activity, keylogging, stealing user identities, screen capturing and other espionage techniques.

The team also claims that Gyges can be used for money extortion via hard drive encryption (ransomware) and online banking fraud. It can also install rootkits and trojans, create botnets and zombie networks, and target critical infrastructure.
