Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

‘MiniFlame’ Malware Another Link Between Flame, Gauss Espionage Attacks

Researchers at Kaspersky Lab say a tool first thought to be a module of the Flame malware is actually an independent piece of malware in its own right.

Researchers at Kaspersky Lab say a tool first thought to be a module of the Flame malware is actually an independent piece of malware in its own right.

Kaspersky Lab is calling the interoperable tool ‘miniFlame’. Designed to steal data and control compromised computers in the name of espionage, the malware was first discovered by Kaspersky Lab in July. During a more in-depth analysis of Flame’s command and control (C&C) in September however, they discovered the tool was not a module after all. Instead it actually could be used both as an independent malicious program or a plug-in for both Flame and Gauss – a fact the company said further proves there was cooperation between the creators of those two programs.

The discovery is the latest twist in the story of Flame and Gauss, espionage tools discovered by security pros earlier this year. Both pieces of malware had numerous commonalities, including similar achitectural platforms, module structures, code bases and communication methods with command and control servers. Flame, along with Stuxnet, is believed by many to have been part of a state-sponsored cyber-operation by the United States and Israel. 

According to Kaspersky Lab, miniFlame – called SPE in the code of Flame’s original C&C servers – is based on the same architectural platform as Flame and operates as a backdoor designed for data theft and direct access to infected computers. In addition, it is also capable of taking screenshots of victims’ computers while the computer is using a Web browser, Adobe Reader, Microsoft Office, an instant messenger or FTP client. 

The tool uploads the stolen data by connecting to its C&C server. An additional data-stealing module can be sent to an infected system to target USB devices and use them to store data collected from machines.

Development of miniFlame is believed to have started as early as 2007. Several versions of miniFlame were created between 2010 and 2011, with some still active in the wild today, according to the company.

The original infection vector of miniFlame has not been determined by Kaspersky Lab. However, unlike Flame or Gauss, which had high number of infections, the amount of infections for miniFlame is small – about 50-60 machines worldwide.

“miniFlame is a high precision attack tool,” said Alexander Gostev, chief security expert, Kaspersky Lab, in a statement. “Most likely it is a targeted cyberweapon used in what can be defined as the second wave of a cyberattack.”

Advertisement. Scroll to continue reading.

“First, Flame or Gauss are used to infect as many victims as possible to collect large quantities of information,” he continued. “After data is collected and reviewed, a potentially interesting victim is defined and identified, and miniFlame is installed in order to conduct more in-depth surveillance and cyber-espionage. The discovery of miniFlame also gives us additional evidence of the cooperation between the creators of the most notable malicious programs used for cyber warfare operations: Stuxnet, Duqu, Flame and Gauss.”

 A detailed analysis of miniFlame can be found here.

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Cyberwarfare

Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cyberwarfare

The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Cybercrime

On the first anniversary of Russia’s invasion of Ukraine, cybersecurity companies summarize the cyber operations they have seen and their impact.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...