'miniFlame' Malware Spreading Through Middle East

A new Flame malware variant that's designed to steal personal data from a targeted machine was identified by security firm Kaspersky Labs this week.

"The SPE malware, which we call 'miniFlame,' is a small, fully functional cyber-espionage malware designed for data theft and direct access to infected systems," wrote Kaspersky.

Kaspersky said the majority of infected systems were located in Iran and Sudan, and the scope of attack compared to other surveillance malware (Flame, Duqu, Stuxnet, etc.) was much smaller. Kaspersky estimates that between 50 and 60 specifically targeted systems have been infected.

Unlike other Flame variants, miniFlame can either be operated as an independent module, or can be controlled as a dependent component of the Flame and Gauss cyber-espionage malware (in the observed attacks, the malware was utilizing the same C&C servers as Flame for installation).

While the exact method of infection was not discovered, Kaspersky said that due to the systems infected also contained the Flame and Gauss malware, a reasonable assumption would be that miniFlame was downloaded and installed using these two malware groups.

In fact, Kaspersky said it believes that miniFlame was specially created to be a part of the same Flame and Gauss campaign.

""We can assume this malware was part of the Flame and Gauss operations which took place in multiple waves," said Roel Schouwenberg, a senior researcher at Kaspersky Lab, to Computerworld. "First wave: infect as many potentially interesting victims as possible. Secondly, data is collected from the victims, allowing the attackers to profile them and find the most interesting targets. Finally, for these 'select' targets, a specialized spy tool such as SPE/miniFlame is deployed to conduct surveillance/monitoring."

miniFlame's development began in 2007 and concluded this year, according to Kaspersky. And the researchers who discovered the attack said they have witnessed only six of a possible dozen variants of the malware.

As with the initial discovery of the Stuxnet and Flame malware, the exact purpose, including specific information stolen, is still not clear. It is also possible that more variants will be discovered in the coming months.

"With Flame, Gauss and miniFlame, we have probably only scratched surface of the massive cyber-spy operations ongoing in the Middle East," said Schouwenberg. "Their true, full purpose remains obscure and the identity of the victims and attackers remain unknown."

About the Author

Chris Paoli is the site producer for and


  • Microsoft Adding Google G Suite Migration in Exchange Admin Center

    Microsoft's Exchange Admin Center will be getting the ability to move Google G Suite calendar, contacts and e-mail data over to the Office 365 service "in the coming weeks."

  • Qualcomm Back in Datacenter Fray with AI Chip

    The chip maker joins a crowded field of vendors that are designing silicon for processing AI inference workloads in the datacenter.

  • Microsoft To Ship Surface Hub 2S Conference Device in June

    Microsoft on Wednesday announced a June U.S. ship date for one of its Surface Hub 2S conferencing room products, plus a couple of other product milestones.

  • Kaspersky Lab Nabs Another Windows Zero-Day

    Kaspersky Lab this week described more about a zero-day Windows vulnerability (CVE-2019-0859) that its researchers recently discovered, and how PowerShell was used by the exploit.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.