Gauss Cyber Espionage Threat Targets Banking Info

A new malware threat has been discovered that seems to have the same state-sponsored roots as Stuxnet, Duqu, and Flame.

Gauss joins the ranks of Stuxnet, Duqu, and Flame as an apparently state-sponsored tool of cyber espionage. This latest threat appears to be built from the same code foundation as Flame, and specifically targets bank credentials and financial data.

Kaspersky Lab--the largest privately held vendor of antimalware and endpoint security products--announced the new threat. A Kaspersky FAQ about Gauss boils the description of Gauss down to a 140-character tweet: Gauss is a nation state sponsored banking Trojan which carries a warhead of unknown designation.

Gauss has been flying under the radar and evading detection since the fall of 2011. Ironically, it was discovered during operations initiated by the International Telecommunications Union (ITU) in the wake of Flame in an effort to detect and mitigate any other stealthy cyber threats. Mission accomplished.

Kaspersky was able to detect and identify the threat--dubbed Gauss because its main module is named after the German mathematician Johann Carl Friedrich Gauss--because it uses a similar architecture, module structure, code base, and methods of communication with command and control (C&C) servers as its cousin, Flame.

While Flame, Stuxnet, and Duqu seemed to be aimed at Iran, Gauss appears to specifically target Lebanese banks, as well as Citibank and PayPal accounts. Gauss steals browser history, cookies, passwords, and system configurations from compromised systems, and collects usernames and passwords for financial accounts and payment systems.

The initial method of infection is still unknown. Like Flame and Duqu, though, the propagation of Gauss seems to be controlled in order to maintain stealth and avoid detection. Kaspersky has detected 2,500 infected machines so far, and estimates the total number of compromised systems to be in the tens of thousands.

The malware was discovered in June of 2012, and the C&C servers that manage it were effectively shut down in July of 2012. As a result, Gauss is now in a dormant state.
