SECURITY FIRM Kaspersky Lab is warning about a bad piece of malware called "Gauss" that it says is going after online banking users and social networkers in the Middle East.
Gauss is a real and very complex threat according to the Russian security firm, and was first spotted in June. The firm says that it shares much in common with other trojans like Flame and Stuxnet.
"Gauss bears a striking resemblance to Flame, with its design and code base, which enabled us to discover the malicious program. Similar to Flame and Duqu, Gauss is a complex cyber-espionage toolkit, with its design emphasising stealth and secrecy; however, its purpose was different than Flame or Duqu," said Alexander Gostev, chief security expert at Kaspersky Lab.
"Gauss targets multiple users in select countries to steal large amounts of data, with a specific focus on banking and financial information."
According to the firm Gauss is nation-state sponsored and snarfs up sensitive data. Although it has similarities with other bad actors, the bank account focus appears to be unique to it. Kaspersky Lab described it as a cyber-weapon.
As well as taking banking information, Gauss can log passwords, take control of USB sticks and list the contents of drives and folders. The majority of infected users are running Windows 7, according to Kaspersky Lab.
Although it was discovered earlier this summer during investigations into Flame, it is expected to have been around for almost a year. Its command and control structure was shut down in July.
Kaspersky Lab says that around 2,500 infections have been found, and it estimates that Gauss has tens of thousands of victims. Although it has an eye for Lebanese banks, including Bank of Beirut, Fransabank and Credit Libanais, it can also target Citibank and Paypal users. µ
Where is your browser ballot now, citizen?
Banking trojan spearheading campaign via PayPal money request feature
Cobol? Still? Really?
Ira Rothken steps up to the piracy plate, again