InvisiMole Advanced Spyware Active Five Years Before Detection

Researchers at ESET have discovered spyware that may have been spying for the past five years. The company recently detected this software in Russia and Ukraine. The malware named InvisiMole is advanced cyberespionage software that could be used for nation-state hacking or financially motivated cyber-attacks. The malware can record audio, video, and can even take pictures through the victim’s camera.

InvisiMole Can Turn Your PC Into A Spying Device

InvisiMole is a robust spying tool that can turn on a victim’s camera, record videos, and take pictures. Researchers have explained their findings in detail highlighting the sophistication of this spyware in their report.

InvisiMole has a modular architecture that begins working with a DLL wrapper. It then makes use of two other feature-rich backdoor modules embedded in its resources. In this way, it successfully collects the maximum possible data.

The main smaller module RC2FM includes a backdoor empowered by 15 supported commands. This module allows the attacker to search for system files. It also enables controlling the system’s camera and microphone.

The second module RC2CL is an advanced module with extensive spying capabilities including registry key manipulations, running remote shell commands, file execution, loading drivers, accessing a list of local apps, and disabling UAC. It can even act as a proxy, turning off Windows firewall, and can send data to C&C servers.

Moreover, the developers have employed a few techniques to escape detection. This way, the software remains active on the victim’s computer for longer, continuing with its malicious activities.

More Research is Needed About the Spyware

Researchers say that the spyware has been around since 2013. However, they still do not know much about its background. The malware remained undercover for so long merely because of its low-infection rate and high sophistication.

“The campaign is highly targeted – no wonder the malware has a low infection ratio, with only a few dozen computers being affected.”

Owing to its highly equipped design, this tool seems to outclass all other espionage tools known yet.

Though the researchers have explained quite a lot about the technicalities associated with this spyware, several things still need an answer. For instance, why the authors used two modules with overlapping functionalities is still unclear. So far, the modules appear to be adding more complexity to the malware with more research needed to uncover it further.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients