Mask malware takes aim at governments and activists

Gas flare Gas and oil companies were among targets hit by the Mask malicious software

Related Stories

Sophisticated malware aimed at governments and finance firms was probably created by a nation state, say security researchers.

Mask was uncovered by Kaspersky Labs and the code is thought to have been targeting victims for seven years.

The software is among the "most advanced threats" the company has ever seen, it said in a lengthy analysis.

The web-wide activities of Mask stopped last week soon after Kaspersky revealed its existence.

Language link

Kaspersky said Mask had hit targets in 31 countries and infected more than 380 separate organisations and businesses.

It used a variety of techniques to compromise machines and, in some cases, its creators seem to have bought undocumented vulnerabilities in software in order to penetrate some targets.

Different versions of Mask were prepared by its creators so no matter what operating system people used, be it Windows, Apple iOS or Linux, they were vulnerable. Kaspersky said it also suspected that versions of Mask were available that could attack Android or Apple smartphones.

The software gets its name from the regular appearance of the Spanish word for mask (Careto) in its core code. Other hints in the code suggest it originated in a Spanish-speaking nation.

Kaspersky said it suspected Mask was created by a nation state to help it spy but declined to speculate about which country was behind it.

Top of the target list were organisations in Morocco but institutions and companies in Brazil, the UK, France and Spain and many other nations were also caught out.

As well as governments and private equity firms, other victims included embassies, oil and gas companies, activist groups and research labs. Once it managed to infect a system, the virus stole documents, encryption keys, private network credentials and remote access information.

Soon after Kaspersky uncovered Mask it took action with other computer firms to shut 90 of the command-and-control systems keeping it running.

So far, said Symantec security researcher Liam O'Murchu, it was not clear who was behind Mask or what they were after.

"Just looking at the targets, it is not obvious who would want to target them; there is no obvious pattern," he told Reuters.

"The code is professionally written, but it's even difficult to say whether is it written by a government or by a private company that sells this type of software."

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.