InvisiMole Advanced Spyware Active Five Years Before Detection


Researchers at ESET have discovered spyware that may have been spying for the past five years. The company recently detected this software in Russia and Ukraine. The malware, named InvisiMole, is advanced cyberespionage software that could be used for nation-state hacking or financially motivated cyber-attacks. It can record audio and video, and can even take pictures through the victim’s camera.

InvisiMole Can Turn Your PC Into A Spying Device

InvisiMole is a robust spying tool that can turn on a victim’s camera, record videos, and take pictures. Researchers have explained their findings in detail in their report, highlighting the sophistication of this spyware.

InvisiMole has a modular architecture that begins working with a DLL wrapper. It then makes use of two other feature-rich backdoor modules embedded in its resources. In this way, it successfully collects the maximum possible data.

The main, smaller module, RC2FM, includes a backdoor with 15 supported commands. This module allows the attacker to search for system files. It also enables control of the system’s camera and microphone.

The second module, RC2CL, is an advanced module with extensive spying capabilities, including registry key manipulation, running remote shell commands, file execution, loading drivers, accessing a list of local apps, and disabling UAC. It can even act as a proxy, turn off the Windows firewall, and send data to C&C servers.

Moreover, the developers have employed a few techniques to escape detection. This way, the software remains active on the victim’s computer for longer, continuing with its malicious activities.

More Research is Needed About the Spyware

Researchers say that the spyware has been around since 2013. However, they still do not know much about its background. The malware remained undercover for so long merely because of its low infection rate and high sophistication.

“The campaign is highly targeted – no wonder the malware has a low infection ratio, with only a few dozen computers being affected.”

Owing to its highly equipped design, this tool seems to outclass all other espionage tools known so far.

Though the researchers have explained quite a lot about the technicalities associated with this spyware, several questions still need an answer. For instance, why the authors used two modules with overlapping functionalities is still unclear. So far, the modules appear to add more complexity to the malware, and more research is needed to uncover it further.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]