12 February 2016

State-sponsored banking virus found in Middle East

10 August 2012  |  6000 views  |  3 purple swirls

A state-sponsored computer virus that spies on online banking transactions has been discovered in the Middle East by computer security outfit Kaspersky Lab.

The virus, dubbed Gauss, is stealing access credentials for various online banking systems and payment methods, as wells as browser history, cookies, passwords, and system configurations, from infected PCs, says Kaspersky.

Since May, the security firm has identified around 2500 infected machines, mostly in Lebanon. It has targeted customers of Bank of Beirut, EBLF, BlomBank, ByblosBank, FransaBank and Credit Libanais, as well as Citibank and PayPal users.

Gauss is the latest state-sponsored cyber-threat found in the region and was discovered because of its similarity to Flame, the data-mining computer virus that was found to be spying on computers in Iran earlier this year but it is the thought to be the first targeting banking credentials.

It could also be connected to Stuxnet, the virus that famously hit Iran's uranium enrichment programme in 2010 and is widely suspected to be the work of Israel and the US.

Alexander Gostev, chief security expert, Kaspersky Lab, says: "Similar to Flame and Duqu, Gauss is a complex cyber-espionage toolkit, with its design emphasising stealth and secrecy; however, its purpose was different to Flame or Duqu. Gauss targets multiple users in select countries to steal large amounts of data, with a specific focus on banking and financial information."

Comments: (3)

Chander Singh
Chander Singh - BBG Banking Operations IT Consultants - London | 10 August, 2012, 11:51

State sponsored spying is not new. It has been practised time and memorial. But in the banking world, the regulator is a watch dog from distance with rights to do operational audit and do a fact finding post mortem. However, I see two key issues arising from this report -

1. The regulatory mechanism of transaction monitoring and reporting system should ensure that particular types of transactions as per pre-defined parameters are reported to the regulator as per the frequency post or during on-line transaction. Not sure if that mechanism is in place.

2. Why the state regulators decide to implant a virus in a surreptitious manner, while they have the authority to ask banks to instal a legitimate application provided by the regulator properly integrated with the online or other transaction processing systems of the banks. Why regulators did not think of that.

Regulators have to come out openly with more innovative ideas of control and monitoring in light of changed society, and more importantly regulators themselves have to equip better with the changing times, rather than using sneaky ways of monitoring and control.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 13 August, 2012, 07:40

It depends on from which country the spying government agency comes - if it is a foreign government department, it is spying. If it is the domestic government banking supervision authority it can at best be considered as unusual supervision. In most countries the FSA activity is regulated on procedure rules and would not allow the FSA to plant spyware into bank computers or bank customer PC:s. So the 1000 dollar question is - from which government did this spyware come? The security lab should have a good opinion.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Gerhard Schwartz
Gerhard Schwartz - Hewlett-Packard - | 13 August, 2012, 11:12

Not sure whether the headline "State-sponsored banking virus found in the Middle East" is appropriate. It is widely agreed that the original Stuxnet malware was probably built by some state-sponsored agency or agencies - but Stuxnet is in the wild now since quite some time. Skilled criminals can find access to that code, and are apparently now trying to leverage parts of that malware for their own purposes.  

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board, sign up now.

Related stories

29 March, 2012
21 March, 2012
20 January, 2012
27 April, 2011
14 April, 2011
26 May, 2010

Top topics

Most viewed Most shared
UK sets out open banking API frameworkUK sets out open banking API framework
15114 views comments | 100 tweets | 89 linkedin
Deutsche Bank calls for co-operation with fintech firms on B2B servicesDeutsche Bank calls for co-operation with...
8186 views comments | 28 tweets | 30 linkedin
How to accelerate your fintech startupHow to accelerate your fintech startup
7872 views comments | 34 tweets | 9 linkedin
Is Paym a failure?Is Paym a failure?
6646 views 16 comments | 23 tweets | 16 linkedin
Visa issues API to offer consumer control over card transactionsVisa issues API to offer consumer control...
6091 views comments | 17 tweets | 28 linkedin

Featured job

Find your next job