Evidence shows Regin spy malware is used by Five Eyes intelligence

  • 27 January 2015

Posted on 27.01.2015

Kaspersky Lab researchers who have recently analyzed a copy of the malicious QWERTY module have discovered that the malware is identical in functionality to a Regin malware plugin, and are convinced that the developers of both pieces of malware are either the same or are working closely together.

The QWERTY sample has been provided to the researchers by Der Spiegel, and is ostensibly used by a number of governments belonging to the Five Eyes intelligence alliance in their computer network operations.

QWERTY is a keylogger, a plugin for the WARRIORPRIDE malware framework. Among the binaries it contains is 20123.sys, a significant part of whose source code can also be found in the Regin 50251 plugin.

"The QWERTY keylogger doesn't function as a stand-alone module, it relies on kernel hooking functions which are provided by the Regin module 50225," they also noted.
