We already know about the state-sponsored malware triplets Flame, Gauss, and Stuxnet, but now a new one is rearing its little head. Dubbed as “miniFlame” by Kapersky Labs, it’s a lot less cute and more dangerous than it sounds.
Also known as “SPE” and “John” by the attackers who use it, miniFlame was probably cooked up by the US and Israel and fills an important little niche in its malware family; it plugs itself directly into Flame and Gauss installations in addition to working on its own. Once it’s on a target PC, it opens up a backdoor that lets attackers directly control the infected computer, something neither Flame nor Gauss can do. As a last little bonus, miniFlame can actually delete infections of (mega)Flame and immunise the computer from further Flame infections.
Compared to the other state-sponsored malware, miniFlame has hit relatively few computers, somewhere in the the neighbourhood of 50. Chances are this is because its use was reserved for particularly high-profile targets, where the “total control” feature would be especially useful. Kapersky Labs calls it a “surgical attack tool.”
Chances are you’re not a high-value target, so it’s not a risk to we rank-and-file, but it just goes to show how sophisticated and specialised the secret suite of operating cyberweapons is. And you can bet there are more out there, still hiding. [Kapersky Labs via Wired]
Image by Ruslan Grechka/Shutterstock