Cyberwarfare

Mahdi Malware Finds 150 New Targets Including U.S. and Germany, Gets More Evasive

In mid July, Seculert discovered a new cyber-espionage weapon that was targeting organizations in the Middle East.

Known as ‘Mahdi’ or ‘Madi’, the malware is capable of stealing data from infected Windows computers, and is also capable of monitoring email and instant messages, recording audio, capturing keystrokes and taking screenshots of victims’ computers.

Overall, Mahdi is a complex cyber-espionage weapon that, unlike Flame, Stuxnet and Gauss, is still alive and well, and continues to get updated and find new targets.

According to new research from Seculert, the group behind Mahdi continues to test and improve new versions of the malware in order to find ways to evade security measures.

Israel-based Seculert says that in the past few weeks, they have monitored dozens of new variants of Mahdi, many of which are not currently being detected by most AV vendors.

Additionally, Seculert says that since the initial discovery of the malware back in July, 150 new Mahdi victims have been identified, with the total number of infections identified approaching 1,000 globally.

Some of these targets appear to be located in the United States and in Germany, Seculert said, though most targets still appear to be from Iran.

“This correlates back to the fact that the latest version of Mahdi, added new triggers to the malware – ‘USA’ and ‘GOV’,” the company explained in a blog post.

For those organizations being targeted in the US, the victims have connections to Middle Eastern companies, either working at such companies or visiting them frequently, a Seculert spokesperson told SecurityWeek.

Seculert also explained that after investigating a fifth command and control (C&C) server since the initial discovery of Mahdi, they were able to identify different malware variants communicating with it dating back to June 2012. That fifth server, located in Canada, seems to have replaced the original server that was identified back in February.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
