Security researchers from ESET have discovered a complex piece of spyware that was used sparingly in the last five years to infect and spy on a very small number of targets in Russia and Ukraine.
While the origin of this new malware strain, named InvisiMole, has not been determined yet, it is believed that this is an advanced cyber-espionage tool, most likely created for nation-state or financially-motivated hacks.
This assessment is based on the fact that the malware has been seen very rarely, being found on "only a few dozen computers," but also on its broad spectrum of capabilities, something that would have taken months if not years to develop, and that is certainly not the work of your ordinary slash-and-grab cyber-criminal.
InvisiMole: designed for stealth and theft
Except for the malware's binary file, very little is known about who is behind it, how it spreads, or in what types of campaigns it has been used.
"Our telemetry indicates that the malicious actors behind this malware have been active at least since 2013, yet the cyber-espionage tool was never analyzed nor detected until discovered by ESET products on compromised computers in Ukraine and Russia," said ESET researcher Zuzana Hromcová, who recently penned an in-depth report about this new threat.
"All infection vectors are possible, including installation facilitated by physical access to the machine," Hromcová added.