Careto: Complex Malware Has Been Targeting High Intelligence Value Individuals Since 2007
February 12th, 2014
Via: Vice:
A surprisingly sophisticated malware named Careto has been infecting computers globally since at least 2007, a new report from security firm Kaspersky revealed today. While the virus, also known as The Mask, appears to have originated in a Spanish-speaking country—careto, a Spanish slang term for an ugly face, was found in the code—it’s so complex that it’s not clear the average hacker could have built it.
According to Kaspersky’s report, Careto is definitely aimed at power brokers—government and diplomatic targets, private companies (especially in the energy sector), research institutions, private equity firms, and activists—and 380 victims with over 1000 IP addresses in 31 countries have been found so far.
Aside from its targets, the truly notable thing about the virus is how flexible it is. The researchers write that it “includes an extremely sophisticated malware, a rootkit, a bootkit, 32- and 64-bit Windows versions, Mac OS X and Linux versions and possibly versions for Android and iPad/iPhone (Apple iOS).” Once a system is infected, Careto can access network traffic, log keystrokes, record Skype conversations, and hunt around for files—most notably PGP keys.
As you might expect based on the targets, finding sensitive data appears to be Careto’s specialty, “including encryption keys, VPN configurations, SSH keys and RDP files,” the report states. “There are also several extensions being monitored that we have not been able to identify and could be related to custom military/government-level encryption tools.”
More: Kaspersky (.pdf)
