Symantec Reveals Sophisticated Malware called Regin

Symantec, one of the world's leading computer security companies, has discovered a new, sophisticated piece of malware allegedly created by a government. Once installed, it can capture screenshots, discover and steal passwords, and recover deleted files, the BBC reports.

According to Symantec, the computers most heavily hit by the Regin malware were those in Russia, Saudi Arabia and Ireland. The malware was used to spy on government organizations, private individuals and businesses. Its level of sophistication suggests it was created as a cyber-espionage tool by a nation-state government over months, if not years, of development. According to Sian John, security strategist at Symantec, Regin was probably deployed by a Western organization, judging by the skill and expertise necessary to develop such an efficient tool.

Symantec has drawn parallels between this new malware and Stuxnet. If you remember, Stuxnet was a computer worm discovered in 2010, designed to attack industrial programmable logic controllers. It was not a piece of code written for a single target – it was designed to be adaptable to a range of systems, from automobile plants to power generation facilities. Ultimately it was used against Iran's nuclear centrifuges, rendering almost one fifth of them useless.

According to a blog post published on Symantec's website, Regin is a "multi-staged threat, and each stage is hidden and encrypted, with the exception of the first stage". When the first stage of the malware is executed, it triggers a domino chain in which each stage decrypts and loads the next, for a total of five stages. Regin uses a modular approach, loading custom features as needed, depending on the target. Regin was used between 2008 and 2011 against a variety of targets – airlines, telecommunications backbones, energy providers, research facilities and (in almost half of the cases) private individuals.