Mask malware takes aim at governments and activists

Published 11 February 2014

Image caption: Gas and oil companies were among targets hit by the Mask malicious software (image copyright: Reuters)

Sophisticated malware aimed at governments and finance firms was probably created by a nation state, say security researchers.

Mask was uncovered by Kaspersky Labs and the code is thought to have been targeting victims for seven years.

The software is among the "most advanced threats" the company has ever seen, it said in a lengthy analysis.

The web-wide activities of Mask stopped last week soon after Kaspersky revealed its existence.

Language link

Kaspersky said Mask had hit targets in 31 countries and infected more than 380 separate organisations and businesses.

It used a variety of techniques to compromise machines and, in some cases, its creators seem to have bought undocumented vulnerabilities in software in order to penetrate some targets.

Different versions of Mask were prepared by its creators so no matter what operating system people used, be it Windows, Apple iOS or Linux, they were vulnerable. Kaspersky said it also suspected that versions of Mask were available that could attack Android or Apple smartphones.

The software gets its name from the regular appearance of the Spanish word for mask (Careto) in its core code. Other hints in the code suggest it originated in a Spanish-speaking nation.

Kaspersky said it suspected Mask was created by a nation state to help it spy but declined to speculate about which country was behind it.

Top of the target list were organisations in Morocco but institutions and companies in Brazil, the UK, France and Spain and many other nations were also caught out.

As well as governments and private equity firms, other victims included embassies, oil and gas companies, activist groups and research labs. Once it managed to infect a system, the virus stole documents, encryption keys, private network credentials and remote access information.

Soon after Kaspersky uncovered Mask it took action with other computer firms to shut 90 of the command-and-control systems keeping it running.

So far, said Symantec security researcher Liam O'Murchu, it was not clear who was behind Mask or what they were after.

"Just looking at the targets, it is not obvious who would want to target them; there is no obvious pattern," he told Reuters.