The Mask is dangerous.
Kaspersky Lab, a Russian international computer security company, published a report last week about a complex piece of malicious code that has been dubbed “The Mask.” Kaspersky’s report said, “Mask is an advanced threat that has been involved in cyber-espionage operations since at least 2007.” Kaspersky described the software as one of the most advanced pieces of malware ever discovered.
After Kaspersky’s report, the web-wide activities of Mask stopped. It had hit targets in 31 countries and infected more than 380 separate organizations and businesses. It appears that the malware creators were able to buy undocumented vulnerabilities in software.
Different versions of Mask have been used across systems including Windows, Apple iOS and Linux. It’s also suspected that Mask can attack Android or Apple smartphones.
The malware was named for the Spanish slang word careto. It means “ugly face” or “mask” and is used in the core code. Its name and additional factors imply Careto was created in a Spanish-speaking nation.
After infecting a system, the malware stole documents, encryption keys, private network credentials and remote access information.
There seems to be no pattern to the attacks. Liam O’Murchu, a researcher at security company Symantec, said, “The code is professional but it’s difficult to say whether it is written by a government or a private company.”
Anyone Can Be a Victim
There doesn’t seem to be a pattern to how Mask chooses its victims, who have included:
— Government institutions
— Energy, oil and gas companies
— Private companies
— Private equity firms
— Activist groups
O’Murchu said, “Just looking at the targets, it is not obvious who would want to target them.”
What makes Mask stand out is the complexity of the tool set used by the attackers. The sophisticated malware includes a rootkit, which is designed to hide programs and commands from detection. Because it goes undetected, a rootkit gives the attackers continued access to a computer. Mask also uses what is called a bootkit: concealed software that can infect start-up code and attack encrypted systems.
Costin Raiu, Director of the Global Research and Analysis Team (GReAT) at Kaspersky Lab, referred to the Mask as “one of the most advanced threats at the moment.” He added, “This level of operational security is not normal for cyber-criminal groups.”
For the victims, an infection with Mask can be disastrous. Kaspersky said, “Careto intercepts all communication channels and collects the most vital information from the victim’s machine.” Detection is extremely difficult because of stealth rootkit capabilities, built-in functionalities and additional cyber-espionage modules.
Virus infections have been observed in the U.S. and in Algeria, Argentina, Belgium, Bolivia, Brazil, China, Colombia, Costa Rica, Cuba, Egypt, France, Germany, Gibraltar, Guatemala, Iran, Iraq, Libya, Malaysia, Mexico, Morocco, Norway, Pakistan, Poland, South Africa, Spain, Switzerland, Tunisia, Turkey, United Kingdom and Venezuela.
The malware spreads through phishing emails that contain links to a seemingly non-threatening website; when the user clicks the link, they are redirected to a website that delivers the malware. The attackers also use subdomains on the malicious site to make it seem legitimate.
Kaspersky’s report says, “The attacks rely on a combination of social engineering, for instance impersonating websites from The Guardian and Washington Post.”
To steer clear of any computer virus, do not assume links sent to you via email are safe. Even if you think the email is legitimate, instead of clicking on the link, go to your browser and type in the company name to access its website. This will help you to avoid being redirected by masked links.
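The subdomain trick described above can be checked mechanically before a link is trusted. The following is an added example, not code from Kaspersky's report: it flags a link when a known brand name appears in the hostname but the registrable domain is not the brand's real one. The allow-list, the simplified suffix handling and all sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: brand keyword -> the registrable domain that brand really uses.
TRUSTED = {
    "guardian": "theguardian.com",
    "washingtonpost": "washingtonpost.com",
}

# Assumption: a tiny stand-in for the Public Suffix List, enough for the demo.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "com.br"}


def registrable_domain(host):
    """Return the part of the hostname that is actually registered."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def check_link(url):
    """Return (brand, real_owner_domain) if the link impersonates a brand, else None."""
    host = urlsplit(url).hostname or ""
    base = registrable_domain(host)
    for brand, real in TRUSTED.items():
        # The brand name is present somewhere in the hostname, but the
        # domain that controls the site is not the brand's own.
        if brand in host and base != real:
            return (brand, base)
    return None


if __name__ == "__main__":
    # Constructed sample links, as they might appear in an email body.
    samples = [
        "https://www.theguardian.com/world",
        "http://guardian.news-portal.example/world/article",
        "http://www.washingtonpost.com.login.example.net/story",
        "https://example.org/about",
    ]
    for url in samples:
        hit = check_link(url)
        verdict = f"SUSPICIOUS ({hit[0]} name on {hit[1]})" if hit else "ok"
        print(f"{verdict:45} {url}")
```

A production check would use the full Public Suffix List rather than the three-entry set here, since the registrable domain cannot be derived reliably from label counts alone.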