InvisiMole Spyware : A Sophisticated Cyber Espionage With Stealthy Nature
Spyware is perhaps the most worrying among all cyber threats and they become sophisticated over time. InvisiMole such a sophisticated piece of spyware which was first detected by security experts of ESET. The very malware strain has attacked number of targets in countries like Russia and Ukraine. According to the latest security report, this cuber-espionage tool is active since 2013 but it remains undetected for more than five years. It is counted among dangerous spyware program which is believe to be designed for attacking financial and nation state targets. The malware has advance spying capabilities put it in the top list of spyware detected in last few years. Research also reveal that the cyber criminals behind this spyware has remove every clue which can relate the malware to a specific con artist.
InvisiMole Spyware : A Sapient Malware Which Steal Data
However, there is no much information available about InvisiMole Spyware except about its binary file but it is clear that it can steal sensitive data. According to the sample report, the malware has only affected few dozens of computer but the attack was high profile and highly valuable. According to the researcher of ESET, this spyware will turn the affected system into a video camera. It is designed to allow remote hackers to access the system and let them see what is going in the location of the victim. The malware is designed to appear like a software that provide compatibility between two applications.
Zuzana Hromcová, researcher at ESET has analyzed two malicious components related to InvisiMole Spyware respectively known as RC2FM and RC2CL. These components are designed to enable its author to capture pictures and record audio from the surrounding of victims computer. Researcher also added that these malicious components allow hackers to access the compromised system so that they can closely track activities of victim and steal their secrets.
RC2FM and RC2CL : The Two Modules Of InvisiMole Spyware
RC2FM is the first module or malicious component of InvisiMole Spyware. Research show that is smallest module which is capable to execute only 15 commands. The main function of this first module is to modify the local system, search for data and steal them. Compare to the second module it is not o advance but it is also effective. This module has the capability to extract settings of proxy from web browsers. By using the settings this module transfer data to its command and control server. RC2FM can also active the webcam, take screen-shots and make use of microphone. RC2CL is the second and most advanced module of InvisiMole Spyware. According to researchers this module can execute more than 84 commands. Running remote shell commands, execution of file, extracting list of local apps, disabling UAC, turning off Windows firewall are some of the main command of this module.
Not only this, this module is also capable to erase its own files after completing data collection process. User’s should must take proper security measures if they don’t want to expose their private data in front of this cyber-espionage tool