InvisiMole Spyware: Sophisticated Tool for Targeted Cyber Espionage

A previously unknown piece of complex malware with spying capabilities was recently discovered by researchers at cybersecurity firm ESET. The spyware is dubbed InvisiMole and is regarded as an advanced cyber espionage tool most likely designed for attacks on nation-state and financial targets.

Technical Overview of InvisiMole Spyware

The two malicious components of InvisiMole were thoroughly analyzed by researcher Zuzana Hromcová. Apparently, the components are able to turn the compromised host into a video camera, enabling attackers to capture sound and images of the victim’s surroundings. Uninvited, InvisiMole’s operators access the system, closely monitoring the victim’s activities and stealing the victim’s secrets, the researcher said in the official report.

According to the researcher’s findings, the spyware has been active at least since 2013. However, due to its sophisticated nature, it was never detected on compromised computers running ESET products in Ukraine and Russia. The extremely low detection rate most likely means that InvisiMole is highly targeted, having infected only a handful of computers.

The InvisiMole spyware has a modular architecture. The infection chain is triggered by a wrapper DLL, and the malicious activities are carried out by two modules embedded in its resources. Both modules are feature-rich backdoors, and deploying them together gives attackers access to as much information as they wish to gather. On top of that, the malware’s authors have taken extra measures to keep it running quietly and undetected, allowing it to reside stealthily on a system for an unlimited period of time.

Unfortunately, researchers have yet to uncover how the malware infected its targets. All infection vectors remain possible, including installation facilitated by physical access to the machine, ESET notes.

More about InvisiMole’s Components


The first, smaller (Read more...)

This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Milena Dimitrova. Read the original post at: