Kaspersky Uncovers New Version of Mahdi Spyware


According to Kaspersky Lab researcher Nicolas Brulez, a new version of the Mahdi (or Madi) spyware has appeared following last week's shutdown of the malware's command and control (C&C) domains.

"The new malware contains a number of refinements, such as not waiting for instructions from a C&C server," writes InformationWeek's Mathew J. Schwartz. "Instead, the malware simply grabs all targeted information and uploads it to a designated server, which, as with previous versions of the malware, is also hosted in Canada."

"New research has deduced the spyware, first unearthed by Kaspersky and Israeli security firm Seculert, 'stays silent for two days before it starts its activities,' according to Brulez," writes Threatpost's Christopher Brook. "The latest version of Madi also has the ability to monitor the Russian social network Vkontakte (VK) along with the Jabber messaging platform to look for users who visit Web sites that contain words like 'USA,' 'Skype,' and 'gov.' With each occurrence, Madi will capture screenshots of the incident and send them to the C&C server."

"Madi is believed to have already stolen gigabytes of data from its victims' computers," writes V3.co.uk's Alastair Stevenson. "The origin of the Trojan is currently unknown, though vendors have hinted it may be the latest government-funded cyber attack uncovered this year."