'miniFlame' Malware Spreading Through Middle East

A new Flame malware variant that's designed to steal personal data from a targeted machine was identified by security firm Kaspersky Labs this week.

"The SPE malware, which we call 'miniFlame,' is a small, fully functional cyber-espionage malware designed for data theft and direct access to infected systems," wrote Kaspersky.

Kaspersky said the majority of infected systems were located in Iran and Sudan, and the scope of attack compared to other surveillance malware (Flame, Duqu, Stuxnet, etc.) was much smaller. Kaspersky estimates that between 50 and 60 specifically targeted systems have been infected.

Unlike other Flame variants, miniFlame can either be operated as an independent module, or can be controlled as a dependent component of the Flame and Gauss cyber-espionage malware (in the observed attacks, the malware was utilizing the same C&C servers as Flame for installation).

While the exact method of infection was not discovered, Kaspersky said that due to the systems infected also contained the Flame and Gauss malware, a reasonable assumption would be that miniFlame was downloaded and installed using these two malware groups.

In fact, Kaspersky said it believes that miniFlame was specially created to be a part of the same Flame and Gauss campaign.

""We can assume this malware was part of the Flame and Gauss operations which took place in multiple waves," said Roel Schouwenberg, a senior researcher at Kaspersky Lab, to Computerworld. "First wave: infect as many potentially interesting victims as possible. Secondly, data is collected from the victims, allowing the attackers to profile them and find the most interesting targets. Finally, for these 'select' targets, a specialized spy tool such as SPE/miniFlame is deployed to conduct surveillance/monitoring."

miniFlame's development began in 2007 and concluded this year, according to Kaspersky. And the researchers who discovered the attack said they have witnessed only six of a possible dozen variants of the malware.

As with the initial discovery of the Stuxnet and Flame malware, the exact purpose, including specific information stolen, is still not clear. It is also possible that more variants will be discovered in the coming months.

"With Flame, Gauss and miniFlame, we have probably only scratched surface of the massive cyber-spy operations ongoing in the Middle East," said Schouwenberg. "Their true, full purpose remains obscure and the identity of the victims and attackers remain unknown."

About the Author

Chris Paoli is the site producer for and


  • Microsoft Previews New App Reporting and Consent Tools in Azure AD

    Microsoft last week described a few Azure Active Directory improvements for organizations wanting to connect their applications to Microsoft's identity and access service.

  • Free Software Foundation Asks Microsoft To Release Windows 7 Code

    The Free Software Foundation this week announced that it has established a petition demanding that Microsoft release its proprietary Windows 7 code as free software.

  • Managing Multiple Remote Connections in One Place with mRemoteNG

    If you're juggling multiple remote connections daily, this is the utility for you. Brien walks through the steps to use mRemoteNG, from installation to deployment.

  • Microsoft Unveils Plan To Push Bing to Office 365 ProPlus Users

    Microsoft on Tuesday unveiled plans to deliver an extension that will change the default search engine to Bing in both Google Chrome and Mozilla Firefox browsers for Office 365 ProPlus subscribers.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.