'miniFlame' Malware Spreading Through Middle East
A new Flame malware variant that's designed to steal personal data from a targeted machine was identified by security firm Kaspersky Labs this week.
"The SPE malware, which we call 'miniFlame,' is a small, fully functional cyber-espionage malware designed for data theft and direct access to infected systems," wrote Kaspersky.
Kaspersky said the majority of infected systems were located in Iran and Sudan, and the scope of attack compared to other surveillance malware (Flame, Duqu, Stuxnet, etc.) was much smaller. Kaspersky estimates that between 50 and 60 specifically targeted systems have been infected.
Unlike other Flame variants, miniFlame can either be operated as an independent module, or can be controlled as a dependent component of the Flame and Gauss cyber-espionage malware (in the observed attacks, the malware was utilizing the same C&C servers as Flame for installation).
While the exact method of infection was not discovered, Kaspersky said that due to the systems infected also contained the Flame and Gauss malware, a reasonable assumption would be that miniFlame was downloaded and installed using these two malware groups.
In fact, Kaspersky said it believes that miniFlame was specially created to be a part of the same Flame and Gauss campaign.
""We can assume this malware was part of the Flame and Gauss operations which took place in multiple waves," said Roel Schouwenberg, a senior researcher at Kaspersky Lab, to Computerworld. "First wave: infect as many potentially interesting victims as possible. Secondly, data is collected from the victims, allowing the attackers to profile them and find the most interesting targets. Finally, for these 'select' targets, a specialized spy tool such as SPE/miniFlame is deployed to conduct surveillance/monitoring."
miniFlame's development began in 2007 and concluded this year, according to Kaspersky. And the researchers who discovered the attack said they have witnessed only six of a possible dozen variants of the malware.
As with the initial discovery of the Stuxnet and Flame malware, the exact purpose, including specific information stolen, is still not clear. It is also possible that more variants will be discovered in the coming months.
"With Flame, Gauss and miniFlame, we have probably only scratched surface of the massive cyber-spy operations ongoing in the Middle East," said Schouwenberg. "Their true, full purpose remains obscure and the identity of the victims and attackers remain unknown."