Kaspersky Lab engineers have identified a sophisticated virus named The Mask that is said to have been active for 7 years. Presented as the work of a state, it is said to have specifically targeted government agencies and embassies of several countries.
According to researchers at Kaspersky Lab, The Mask virus, also named Careto, is said to have been active since 2007 and to have a technical level and code that surpass all “state” malware discovered until now. According to Kaspersky, this high degree of sophistication and ability to remain hidden is not normal for cybercriminal groups. It seems that the virus was active from 2007 until last month, when the control servers were disabled following an investigation by the Russian publisher. Its most active period was in the year 2012. Its main targets were government and semi-government entities, power companies, universities and research institutions, private equity firms and political activists. 31 countries have been targeted. Kaspersky Lab indicates that 380 individuals or organizations were identified as victims. Morocco and Brazil are the main countries targeted, followed by the United Kingdom and France.
An ultra-complete arsenal
Kaspersky says that the malware uses various sophisticated methods, in particular to stay hidden while remaining on infected machines. It is said to be able to steal documents, encryption keys, data related to VPN configurations and Adobe signing keys, giving the attackers the opportunity to sign PDF documents as if they were the owners of the keys. “This is an elite group in Advanced Persistent Threat – which uses sophisticated methods to maintain its footprint in infected machines,” says the director of research of an antivirus company. “So far I think the effective APT group was behind the Flame malware and these guys are stronger.” Flame, discovered by the same publisher, Kaspersky, in 2012, was designed by the same team behind Stuxnet, the malware that attacked centrifuges at Natanz in Iran. Stuxnet was created by U.S. and Israeli teams, and nothing indicates, Kaspersky says, that the same people are behind The Mask. However, the publisher indicates that the designers of this program are people whose native language is Spanish.
Perhaps iOS versions
Kaspersky thinks it is a state virus given its sophistication, but also because it contains an exploit possibly supplied by Vupen, a company specializing in providing zero-day exploits to intelligence agencies. Vupen, however, denied that the exploit came from it. The Mask exists in both Linux and Windows versions, but Kaspersky researchers do not exclude that there are also versions for smartphones and tablets in the Android and iOS environments. The data-siphoning module uses two layers of encryption, RSA and AES, for communication with the command-and-control servers.