Gauss Espionage Malware hits Middle East banks


A new cyber surveillance virus has been found in the Middle East that can spy on banking transactions and steal logins and passwords, according to Kaspersky Lab, a leading computer security firm.

After Stuxnet, Duqu, and Flame, this one seems to mainly spy on computer users in Lebanon. It’s been dubbed Gauss (although Germanic-linguistic purists will no doubt be complaining that it should be written Gauß).

Gauss is a complex, highly modular cyber-espionage toolkit that supports new functions, which the operators can deploy remotely in the form of plugins.

The currently known plugins perform the following functions:

- Intercept browser cookies and passwords.
- Harvest and send system configuration data to attackers.
- Infect USB sticks with a data stealing module.
- List the content of the system drives and folders.
- Steal credentials for various banking systems in the Middle East.
- Hijack account information for social network, email and IM accounts.

The researchers at Russia-based Kaspersky Labs who discovered it have christened it Gauss, and say it is aimed at pinching the pocketbooks of its intended targets, whoever they may be, by stealing account information of customers of certain banks in Lebanon, but also customers of Citibank and of PayPal.

An analysis of the new malicious software shows it was designed to steal data from Lebanese lenders including the Bank of Beirut (BOB), BlomBank and Byblos Bank, Kaspersky said. Gauss has infected 2,500 machines, while Flame hit about 700.

Two groups, Russian-based Kaspersky Labs, which first published information on Gauss and Flame, and the Hungarian research lab CrySyS, are detecting the malware by looking for a font called Palida Narrow that shows up on infected machines. Roel Schouwenberg, senior researcher at Kaspersky Labs, said that researchers still don’t know why Gauss’s creators included the font file.

[Figure: relationship between Flame, Gauss, Stuxnet and Duqu]

One of the firm's top researchers said Gauss also contains a module known as "Godel" that may include a Stuxnet-like weapon for attacking industrial control systems. Kaspersky researchers said Gauss contained a “warhead” that seeks a very specific computer system with no Internet connection and installs itself only if it finds one.
