A new state-sponsored cyber-espionage operation has been discovered, and it uses sophisticated software to extract large amounts of sensitive data from thousands of machines in the Middle East. Dubbed “Gauss,” it was discovered by researchers from Kaspersky Lab in July while they were working on a separate investigation initiated by the International Telecommunication Union. The researchers initially mistook it for a Flame module that happened to infect slightly different geographical locations. After discovering that it has additional components, they realized that Gauss is a different malware species sharing the same origin as Flame.
Gauss is believed to have originated from the same spying “factory” or “factories” that created other malware programs such as Stuxnet, the Duqu Trojan, and Flame. The name seems to pay tribute to the German scientist and mathematician Johann Carl Friedrich Gauss. Its other modules also seem to be named after famous mathematicians and philosophers such as Joseph-Louis Lagrange and Kurt Gödel.
The newly discovered malware is designed to gather banking information by copying cookies for specified Lebanese banks such as Bank of Beirut, Byblos Bank, Blombank, and Credit Libanais. But when banking hours are over, it turns its attention to more familiar sites such as PayPal, Amazon, MasterCard, Facebook, Yahoo! and Gmail.
It may seem strange that government-created malware would steal access to customers’ bank accounts. Roel Schouwenberg from Kaspersky Lab explains that Gauss could be part of a surveillance operation dubbed “follow the money.” Unlike Stuxnet, which was discovered in 2010 and used to attack the centrifuge-controlling computers in a uranium enrichment facility in Natanz, Iran, Gauss shows signs of being part of a broader and more extensive cyber-surveillance operation. Its creators appear to want to keep up with their targets’ bank accounts and see how the money flows.
Aside from stealing banking details, Gauss has another, mysterious purpose that Kaspersky researchers have yet to unravel, because it is hidden in an encrypted part of its code. The key needed to decrypt that payload may be derived by running an MD5 hash function 10,000 times, and the researchers will need a lot of help to recover it.
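To see why a key derived by iterating MD5 10,000 times is expensive to recover, here is an added illustration; it is not Gauss code and not from Kaspersky. The seed, the check value and the candidate list are constructed stand-ins, since the article does not describe the real input to the derivation.

```python
import hashlib

ROUNDS = 10_000  # iteration count stated in the article


def derive_key(seed: bytes, rounds: int = ROUNDS) -> bytes:
    """Hypothetical derivation: feed `seed` through MD5 `rounds` times.

    Each iteration hashes the previous digest, so testing one candidate
    seed costs `rounds` MD5 calls instead of one.
    """
    digest = seed
    for _ in range(rounds):
        digest = hashlib.md5(digest).digest()
    return digest


def check_value(key: bytes) -> str:
    """Hypothetical check value: one extra MD5 over the derived key.

    An analyst who knows this value can test whether a candidate seed
    is right without touching the encrypted payload itself.
    """
    return hashlib.md5(key).hexdigest()


def find_seed(candidates, known_check: str, rounds: int = ROUNDS):
    """Return the first candidate whose derived key matches `known_check`.

    This is the analyst's position the article describes: the search
    space is the candidate list, and every entry costs `rounds` hashes.
    """
    for cand in candidates:
        if check_value(derive_key(cand, rounds)) == known_check:
            return cand
    return None


if __name__ == "__main__":
    # Constructed data: a stand-in for whatever input the real
    # derivation uses, plus a short list of guesses to test against it.
    true_seed = b"constructed-seed-value"
    known = check_value(derive_key(true_seed))
    guesses = [b"wrong-1", b"wrong-2", true_seed]
    print("recovered seed:", find_seed(guesses, known))
    print("MD5 calls spent:", len(guesses) * ROUNDS)
```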
Gauss is heavily concentrated in Lebanon and the surrounding countries, which implies that it was built for a specific mission. Unlike Stuxnet, Gauss is relatively new and is believed to have been created in mid-2011.
Story by pinoytutorial