Kaspersky Lab today revealed that a global-level security threat called The Mask or Careto has been discovered in the wild and targets many high-profile organizations across the globe. This include government institutions, diplomatic offices and embassies, research institutions, private equity firms, and activists as well as energy, oil, and gas companies.
Detected in 31 countries throughout the world including Malaysia, the Russian computer security company believed that Careto is a state sponsored campaign due to its complexity and highly coordinated methods. Even though Kaspersky Lab’s team only discovered the threat last year, the team’s analysis showed that The Mask might have been active since at least five years ago with some of the Careto’s samples were even older as they were compiled back in 2007.
The Careto’s toolset includes what seemed to be a highly advanced malware, a rootkit, and a bootkit together with versions for Mac OS X and Linux with possibility of versions for Android and iOS. Additionally, Careto also turned out to be a highly modular system with support for plugins, configuration files and additional modules. Careto also tried to take advantage of vulnerabilities on older Kaspersky Lab’s products which is exactly how it managed to attract the attention of Kaspersky Lab’s team.
Careto spreads through spear-phishing emails that would lead victims to a malicious website which contains exploits that are designed to infect the victim. When the infection is successful, the victim will then be redirected to a different but harmless website that might have been referenced in the original spear-phishing email. The infection will then intercept all communication channels on the victim’s machine and begins to collect vital information from the information through a large list of documents including encryption keys, VPN configurations, SSH keys, and RDP files.
As of now, all known command-and-control servers used by Careto are no longer online as Careto ’s operators seem to have shut down their servers in January 2014. To learn further about Careto, check out this FAQ by Kaspersky Lab.
[Source: Kaspersky Lab]