Computer security firm Symantec has discovered an advanced piece of computer malware that it says may have been used for spying purposes by government entities. Known as Regin, the malware has the ability to steal passwords, monitor Internet traffic and recover deleted files once it is installed, the security research firm said.
Though a number of countries and users were targeted by Regin, over half of the infections occurred in Russia, Saudi Arabia, Ireland and Mexico. The firm said the malware was customized for its intended targets, nearly half of which were small businesses and individuals. Some infection methods involved the use of fake websites or Yahoo instant messenger.
Regin has been used against government organizations, businesses, security researchers and individuals, Symantec researchers said. They said its complexity and capabilities likely indicate it is being used by a nation state.
“Its design makes it highly suited for persistent, long-term surveillance operations against targets,” Symantec wrote in a blog entry.
They added that the authors of Regin went to great lengths to cover their tracks and likely took months or years to create the malware. It was initially active between 2008 and 2011, the firm said, though another version of Regin emerged in 2013 and has been active since.
“It looks like it comes from a Western organization,” Symantec security strategist Sian John told the BBC. “It’s the level of skill and expertise, the length of time over which it was developed.”
The firm compared Regin to Stuxnet, a computer worm discovered in 2010 that was believed to have been developed by the U.S. and Israel to destroy one-fifth of Iran’s centrifuges for uranium purification.
Regin also has the ability to hide itself from security tools, leading Symantec to believe parts of the malware have yet to be discovered.