ESET’s IT security researchers have released a new report revealing new spyware that has been used by unknown hackers over the past 5 years to spy on specific targets in Ukraine and Russia.
InvisiMole, a new spyware that captures images and records audio
Although the authorship of this malware, called InvisiMole, has not been proven, ESET revealed that it has probably been used as a tool for computer espionage by hackers specialized in government targets or with very large financial motivations.
This claim is based on the fact that the spyware has not been widely used and is present on only a dozen computers. However, because it is such sophisticated malware, researchers believe it could not have been created by an ordinary hacker.
Besides not knowing who is behind InvisiMole, ESET has no further information on how it spreads. In this regard, Zuzana Hromcová, author of the firm’s security report, revealed:
Our telemetry indicates that the hackers behind this malware have been active since at least 2013, but the computer spying tool was never analyzed or detected until ESET products detected it on compromised computers in Ukraine and Russia.
Hromcová explains that, like other types of malware aimed at senior government officials, InvisiMole leaves no trace of its author. Only one file, from October 2013, has been found that helps date the malware; all other compilation dates have been removed or overwritten with arbitrary numbers, leaving just a few clues about its timeline.
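The compilation dates mentioned above are stored in the TimeDateStamp field of a Windows executable's PE header. As an added example (not taken from ESET's report or from the original article), this Python code reads that field and labels zeroed or implausible values during triage; the sample headers, the 1993 floor and the observation date are constructed assumptions.

```python
import struct
from datetime import datetime, timezone

# Assumptions for this example: PE files do not predate 1993, and the
# sample was observed on 2018-06-01 (constructed date).
FLOOR = datetime(1993, 1, 1, tzinfo=timezone.utc)
SEEN = datetime(2018, 6, 1, tzinfo=timezone.utc)

def pe_timestamp(data: bytes) -> int:
    """Return the COFF header TimeDateStamp of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of PE signature
    if e_lfanew + 12 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # After the signature: Machine (2), NumberOfSections (2), TimeDateStamp (4)
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return stamp

def classify(stamp: int, seen_at: datetime = SEEN) -> str:
    """Label a compile timestamp for triage."""
    if stamp == 0:
        return "zeroed"
    built = datetime.fromtimestamp(stamp, tz=timezone.utc)
    if built > seen_at:
        return "future"            # claims to be built after it was observed
    if built < FLOOR:
        return "implausibly-old"
    return "plausible"

def make_sample(stamp: int) -> bytes:
    """Constructed minimal MZ/PE header carrying the given timestamp."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHI", 0x14C, 1, stamp) + b"\0" * 12
    return dos + b"PE\0\0" + coff

if __name__ == "__main__":
    oct_2013 = int(datetime(2013, 10, 1, tzinfo=timezone.utc).timestamp())
    for stamp in (0, oct_2013, 1, 0x7FFFFFFF):
        print(f"{stamp:#010x} -> {classify(pe_timestamp(make_sample(stamp)))}")
```

Reproducible-build toolchains can also write non-date values into this field, so a "future" or "implausibly-old" label is a triage hint rather than proof of tampering.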
According to the researchers, the spyware has two attack modules. One is responsible for searching for and stealing data. The other, more developed, extracts proxy settings from browsers and uses those settings to send data to a command and control server in the event that the local network configuration prevents access to the master server.
Some of this module's commands can turn on the user’s microphone, record audio, encode it as MP3 and send it to the external InvisiMole server. The malware is also capable of turning on the user’s webcam and taking screenshots, monitoring local drives, retrieving system information, and modifying operating system settings.
This second module is so advanced that it includes support for executing remote shell commands, manipulating registry keys, executing files, obtaining lists of local applications, loading drivers, disabling the Windows firewall, and recording audio and capturing images just like the first module.
Finally, ESET researchers said that it is one of the most powerful pieces of spyware seen to date and that it is not intended to affect ordinary users but is intended for government spying.