Kaspersky, Seculert Uncover Mahdi Spyware Campaign

Security researchers have discovered new spyware, called Mahdi (or Madi), targeting users in the Middle East.

"Kaspersky Lab and Seculert identified more than 800 victims located in Iran, Israel, Afghanistan and elsewhere in the course of monitoring control servers associated with [the] cyber-espionage operation over the last eight months," writes The Register's John Leyden.

"The attack secretly downloaded the Madi spying software on to a victim's computer when they downloaded an email attachment, usually in the form of an innocent-looking Microsoft PowerPoint file. ... Unlike more commonly known spam emails, researchers said these messages were designed deliberately for their targets and not sent to tens of thousands of people across the world," writes The Guardian's Josh Halliday.

"The vendors claim that the majority of Madi's victims are business people working on Iranian and Israeli critical infrastructure projects, Israeli financial institutions, Middle Eastern engineering students and numerous government agencies communicating in the Middle East," writes V3.co.uk's Alastair Stevenson. "'While the malware and infrastructure is very basic compared to other similar projects, the Madi attackers have been able to conduct a sustained surveillance operation against high-profile victims,' said Kaspersky Lab senior malware researcher Nicolas Brulez."

"Mahdi, which is named after files used in the malware, refers to the Muslim messiah who, it’s prophesied, will arrive before the end of time to cleanse the world of wrongdoing and bestow peace and justice before Judgment Day," writes Wired's Kim Zetter. "But this recently discovered Mahdi is only interested in one kind of cleansing -- vacuuming up PDFs, Excel files and Word documents from victim machines."

"Madi has the ability to log keystrokes, capture screenshots, and siphon any messages sent to or from a variety of widely used services including Gmail, Hotmail, Yahoo! Mail, Skype, or ICQ," writes Ars Technica's Dan Goodin. "It can also record audio that's in the vicinity of an infected machine and save it for upload."