Security researchers recently unearthed a spying tool that managed to go undetected for the past seven years. Dubbed “The Mask” by those at Kaspersky Lab, the malware zeroed in on a wide range of high-profile targets for the better part of a decade using techniques and code more sophisticated than anything previously found in the wild.
Experts at Kaspersky say the malware specifically went after government agencies, diplomatic offices and embassies, research organizations and activists as well as those in the gas, oil and energy markets. It employed a combination of malware, rootkit methods and even a bootkit to remain undetected over the years.
Evidence indicates the tool was used for a number of malicious activities including theft of documents, encryption keys, VPN configuration details and Adobe signing keys. The latter would give the attacker the ability to sign .PDF files so that they appear to have been authorized by the original owner.
Furthermore, the tool was designed to target files with extensions that Kaspersky isn’t familiar with. The firm said such files are likely part of custom government software and might have been used for encryption.
Experts believe the team that created The Mask is even more talented than the one behind Flame, another sophisticated virus that most believe was designed to attack Iran’s nuclear program.
The security firm found nearly 400 victims across more than two dozen countries, although most were located in Brazil and Morocco. As such, they believe the attacks may have been launched from a Spanish-speaking country.