Espionage software that was recently found targeting Iranian computers contains advanced Bluetooth capabilities, taking malware to new heights by allowing attackers to physically stalk their victims, new analysis from Symantec shows.

The Flame malware, reported earlier this week to have infiltrated systems in Iran and other Middle Eastern countries, is so comprehensive that security experts have said it may take years for them to fully document its inner workings. In a blog post published Thursday, Symantec researchers dangled an intriguing morsel of information concerning one advanced feature when picking apart a module that the binary code referred to as BeetleJuice.

The component scans for all Bluetooth devices in range and collects the status and unique ID of each one found, presumably so that the data can be uploaded later to servers under the control of attackers, the Symantec report said. It also embeds an encoded fingerprint into each infected device with Bluetooth capabilities. The BeetleJuice module gives the attackers the ability to track not only the physical location of the infected device, but also the coordinates of smartphones and other Bluetooth devices that have been in range of the infected device.

"This will be particularly effective if the compromised computer is a laptop because the victim is more likely to carry it around," the report stated. "Over time, as the victim meets associates and friends, the attackers will catalog the various devices encountered, most likely mobile phones. This way the attackers can build a map of interactions with various people—and identify the victim's social and professional circles."

By measuring the strength of radio signals broadcast by devices indexed by Flame, attackers in airports, city streets, and other locations might be able to measure the comings and goings of a host of people, the Symantec report goes on to say. It refers to at least one attack that was reported to identify Bluetooth devices more than a mile away. The post says BeetleJuice could be used to upload contacts, text messages, photos, and other data stored on Bluetooth devices, or to bypass firewalls and other security mechanisms when exfiltrating sensitive information.

According to another blog post also published Thursday by Trend Micro, Flame doesn't pose a significant threat because of the "very limited and specific targets" it infected. Researchers at Kaspersky have said it hit about 1,000 computers operated by private companies, educational facilities and government-run organizations. Its significance lies in its complexity, which, when combined with its victims, strongly suggests the resources of a nation-state oversaw its creation. The malicious software is also known as Flamer and sKyWIper.

With a size of 20 megabytes, Flame is a massive piece of malware whose discovery might be the security equivalent of oceanographers finding a previously unknown sea. Expect new factoids to trickle out steadily for the foreseeable future.