State-sponsored banking virus found in Middle East
10 August 2012 | 6305 views | 3
A state-sponsored computer virus that spies on online banking transactions has been discovered in the Middle East by computer security outfit Kaspersky Lab.
The virus, dubbed Gauss, is stealing access credentials for various online banking systems and payment methods, as wells as browser history, cookies, passwords, and system configurations, from infected PCs, says Kaspersky.
Since May, the security firm has identified around 2500 infected machines, mostly in Lebanon. It has targeted customers of Bank of Beirut, EBLF, BlomBank, ByblosBank, FransaBank and Credit Libanais, as well as Citibank and PayPal users.
Gauss is the latest state-sponsored cyber-threat found in the region and was discovered because of its similarity to Flame, the data-mining computer virus that was found to be spying on computers in Iran earlier this year but it is the thought to be the first targeting banking credentials.
It could also be connected to Stuxnet, the virus that famously hit Iran's uranium enrichment programme in 2010 and is widely suspected to be the work of Israel and the US.
Alexander Gostev, chief security expert, Kaspersky Lab, says: "Similar to Flame and Duqu, Gauss is a complex cyber-espionage toolkit, with its design emphasising stealth and secrecy; however, its purpose was different to Flame or Duqu. Gauss targets multiple users in select countries to steal large amounts of data, with a specific focus on banking and financial information."