Flame and Stuxnet Cousin Targets Lebanese Bank Customers, Carries Mysterious Payload
By: Kim Zetter, WIRED
A newly uncovered espionage tool, apparently designed by the same people behind the state-sponsored Flame malware that
infiltrated machines in Iran, has been found infecting systems in other
countries in the Middle East, according to researchers.
The malware, which steals system information but also has a
mysterious payload that could be destructive against critical
infrastructure, has been found infecting at least 2,500 machines, most
of them in Lebanon, according to Russia-based security firm Kaspersky
Lab, which discovered the malware in June and published an extensive analysis of it on Thursday.
The spyware, dubbed Gauss after a name found in one of its main
files, also has a module that targets bank accounts in order to capture
login credentials. The malware targets accounts at several banks in
Lebanon, including the Bank of Beirut, EBLF, BlomBank, ByblosBank,
FransaBank and Credit Libanais. It also targets customers of Citibank