A security solutions provider has discovered a piece of spyware that may be the most sophisticated and threatening of its kind. Kaspersky released a report on Feb. 10 detailing the existence of “Careto” (Spanish slang for “The Mask”) – a piece of spyware that Kaspersky says has been used in cyber-espionage efforts since 2007 or earlier. The revelation that a piece of spyware has been conducting its malicious business undetected for the better part of a decade points to the need for more stringent endpoint protection software on personal and business computing devices. Indeed, we do not live in an age where we can take our cybersecurity for granted.
A growing threat
The targets of The Mask run the gamut from government institutions to activists. According to ZDNet, the malware worms its way into its victims’ systems by posing as email links from legitimate enterprises like the Washington Post and YouTube. Once the unsuspecting victim clicks the link, The Mask is unleashed and begins its process of collecting privileged personal information like encryption keys and RDP files.
Attacks have so far struck 31 countries and 380 unique victims. Morocco, Brazil and the UK are among the countries hit hardest by the attacks. The U.S. was not spared either, accounting for 22 IP victims so far.
The global nature of the attacks leads Kaspersky to believe that a nation-state may be behind its development. As Kaspersky’s global research and analysis team director Costin Raiu told the Los Angeles Times, “We observed a very high degree of professionalism in the operational procedures of the group behind this attack. This level of operational security is not normal for cyber-criminal groups.”
Kaspersky claims that in the midst of compiling the report on The Mask, the spyware ceased operations.