Yet another major computer virus is hitting the Middle East, this time targeting financial and banking information.
Russian security firm Kapersky Labs discovered the virus in its research of Flame — which the company was first to reveal — in June 2012. Flame was the cyber-espionage cousin of the STUXNET virus — the cyberweapon that targeted and destroyed uranium enrichment centrifuges at the secret Iranian nuclear facility at Natanz in 2010.
The newly discovered virus Gauss — named after German mathematician Johann Carl Friedrich Gauss — targets the data of clients of several Lebanese banks, including Bank of Beirut, EBLF, BlomBank, ByblosBank, FransaBank and Credit Libanais. Citibank and PayPal users are also targeted by the virus.
“Gauss is a complex, nation-state sponsored cyber-espionage toolkit designed to steal sensitive data, with a specific focus on browser passwords, online banking account credentials, cookies, and specific configurations of infected machines,” said Kapersky Labs in a statement Thursday.
It can also infect USB drives and store stolen data in hidden file if it needs to do so.
“The spread of infection is undetermined,” said the company on its website. Kapersky said that, while at least since May 2012, the number of infected computers could number in the tens of thousands. Kapersky also said that while the design of Gauss is similar to Flame, the geography Gauss targeted is different. The majority of systems infected by Flame were reported in Iran.
The virus is currently dormant — the servers went offline shortly after it was discovered.
Kapersky suggested in May that both STUXNET and Flame were of U.S./Israeli origin, a claim aggravated by the so-called national security leaks by the Obama administration involving the U.S. cybersecurity program Olympic Games.