New virus can spy on online banking transactions
Published Thursday, August 9, 2012 2:10PM EDT
The latest cyber threat to target users in the Middle East could steal browser passwords and online banking account credentials, according to security firm Kaspersky Lab.
The Moscow-based firm announced on Thursday that it has discovered the cyber surveillance virus, which it calls “Gauss,” in personal computers in Lebanon.
Kaspersky Lab said Gauss is capable of stealing data from the clients of several Lebanese banks and it has also targeted Citibank and PayPal users.
It’s estimated that the virus was deployed around September 2011.
Researchers discovered Gauss due to its strong resemblance to Flame, a cyber virus that infiltrated computers in Iran and was believed to have targeted the country’s nuclear program.
Kaspersky Lab described Gauss as a “complex cyber-espionage toolkit,” which was created by the same individuals behind Flame.
“Gauss bears striking resemblances to Flame, such as its design and code base, which enabled us to discover the malicious program,” said Kaspersky Lab chief security expert Alexander Gostev.
Kaspersky Lab was helping the United Nations' International Telecommunications Union search for destructive malware when it came across Flame.
However, Gostev said that Gauss’ purpose was different than Flame’s.
“Gauss targets multiple users in select countries to steal large amounts of data, with a specific focus on banking and financial information.”
Flame, on the other hand, targeted specific software vulnerabilities and was selective in the computers it attacked.
In a posting on its website, Kaspersky Lab said the detailed data from the infected computers is sent to the attackers.
“Since late May 2012, more than 2,500 infections were recorded by Kaspersky Lab’s cloud-based security system,” said the company, estimating the total number of victims of Gauss to be in the tens of thousands.
Gauss has since been blocked and remediated by Kaspersky Lab.