SHAFAQNA (Shia International News Association) — A new virus dubbed Gauss has attacked computers in the Middle East spying on financial transactions, emails and picking passwords to all kind of pages. The virus resembles Stuxnet and Flame malware which was used to target Iran, Kaspersky Lab says.
Gauss has infected hundreds of personal computers across the Middle East – most of them in Lebanon, but also in Israel and Palestinian territories. Kaspersky Lab has classified the virus, named after one of its major components, as “a cyber-espionage toolkit”.
The malicious malware spies on transactions in banking systems and steals passwords and credentials to social networks, emails and instant messaging accounts. It can also collect system configurations.
Though Gauss seems to be specifically designed for several Lebanese online banking systems, it can also go after Citibank and PayPal users.
It is not immediately clear who may be behind the new Trojan virus, but Kaspersky Lab says the “nation-state sponsored” toolkit has features characteristic of Flame, DuQu and Stuxnet malware, which targeted machines in Iran.
"After looking at Stuxnet, DuQu and Flame, we can say with a high degree of certainty that Gauss comes from the same 'factory' or 'factories,'" Kaspersky Lab said in their report on Thursday. "All these attack toolkits represent the high end of nation-state-sponsored cyber-espionage and cyber war operations."
The researchers cannot say whether Gauss was meant to simply spy on account transactions, or to steal money from targets. But given the high probability of a nation-state actor behind it, the virus may be a counterintelligence tool, which could be used to trace funding of various groups or individuals.—www.shafaqna.com/english