By: Kim Zetter, WIRED
Who knew that when the Messiah arrived to herald the Day of Judgment he’d first root through computers to steal documents and record conversations?
That’s what Mahdi, a new piece of spyware found targeting more than 800 victims in Iran and elsewhere in the Middle East, has been doing since last December, according to Russia-based Kaspersky Lab and Seculert, an Israeli security firm that discovered the malware.
Mahdi, which is named after files used in the malware, refers to the Muslim messiah who, it’s prophesied, will arrive before the end of time to cleanse the world of wrongdoing and bestow peace and justice before Judgment Day. But this recently discovered Mahdi is only interested in one kind of cleansing – vaccuuming up PDFs, Excel files and Word documents from victim machines.
The malware, which is not sophisticated, according to Costin Raiu, senior security researcher at Kaspersky Lab, can be updated remotely from command-and-control servers to add various modules designed to steal documents, monitor keystrokes, take screenshots of e-mail communications and record audio.