Sophisticated malware dubbed 'The Mask' went undetected for the past seven years

By on February 11, 2014, 7:00 PM

Security researchers recently unearthed a spying tool that managed to go undetected for the past seven years. Dubbed “The Mask” by those at Kaspersky Lab, the malware zeroed in on a wide range of high-profile targets for the better part of a decade using techniques and code more sophisticated than anything previously found in the wild.

Experts at Kaspersky say the malware specifically went after government agencies, diplomatic offices and embassies, research organizations and activists as well as those in the gas, oil and energy markets. It employed a combination of malware, rootkit methods and even a bootkit to remain undetected over the years.

Evidence indicates the tool was used for a number of malicious activities including theft of documents, encryption keys, VPN configuration details and Adobe signing keys. The latter would give the attacker the ability to sign .PDF files to appear as if they were authorized by the original owner.

Furthermore, the tool was designed to target files with extensions that Kaspersky isn’t familiar with. The firm said such files are likely part of custom government software and might have been used for encryption.

Experts believe the team that created The Mask are even more talented than those that were behind Flame, another sophisticated virus that most believe was designed to attack Iran’s nuclear program.

The security firm found nearly 400 victims across more than two dozen countries although most were located in Brazil and Morocco. As such, they believe the attacks may have been launched from a Spanish-speaking country.




User Comments: 14

Guest said:

I didn't know that the NSA was located in a Spanish-speaking country. :p

1 person liked this

MilwaukeeMike said:

Experts believe the team that created The Mask are even more talented than those that were behind Flame, another sophisticated virus that most believe was designed to attack Iran's nuclear program.

I wonder how many more are out there. Computer hacks are a lot cheaper and easier than bringing an army over to turn off Iran's centrifuges, or worse yet deal with the aftermath of trying to find Israel.

VitalyT said:

Just ask Jim Kerry

OneSpeed said:

Brazilians speak Portuguese for the most part, and not Spanish.

veLa said:

Pretty awesome that it references file extensions that a high ranking anti-virus company like Kaspersky isn't even sure what it's for.

Guest said:

So those antivirus companies which lambasted the performance of Microsoft Security Essentials (or Windows Defender) were just as bad?

Guest said:

guest:

I didn't know that the NSA was located in a Spanish-speaking country. :p

NSA = Nacional Seguridad Agencia

OneSpeed:

Brazilians speak Portuguese for the most part, and not Spanish.

agree with you sir!

on topic:

is unplugging from the 'net the only safe and sure way to prevent hacking?

TS-56336 said:

Kaspersky Lab guys are UberKool

Twixtea said:

Pretty sure they have something new up their sleeves by now as it took seven years to find 'the mask'.

1 person liked this

Skidmarksdeluxe said:

I saw 'The Mask' with Jim Carrey many moons ago. I don't understand how the so-called experts have only just found out about it now. xp

Kibaruk, TechSpot Paladin, said:

Brazilians speak Portuguese for the most part, and not Spanish.

For all I know they only speak Portuguese; some may learn Spanish the same way some learn English.

Guest said:

"is unplugging from the 'net the only safe and sure way to prevent hacking?"

No that isn't even safe anymore. There was an article on here a while ago about how the NSA has developed a way to be able to access info without you being on the net. Although that means they have to physically plant a bug. But it's still possible.

Guest said:

They have been able to read data from your hard drive about 15 years ago with or without your computer being on

Raoul Duke said:

"is unplugging from the 'net the only safe and sure way to prevent hacking?"

No that isn't even safe anymore. There was an article on here a while ago about how the NSA has developed a way to be able to access info without you being on the net. Although that means they have to physically plant a bug. But it's still possible.

There have been articles that state the NSA have diverted orders of computer/IT stuff, done whatever it is they do to it, and shipped it to the person/company that has ordered it, without the knowledge of the recipient.
