Kaspersky vs. Mask

Kaspersky Lab reported the discovery of the most modern and sophisticated cyber threats ever declassified. The company revealed the details of the strife against spyware called “Mask” (or Careto in Spanish). According to the Kaspersky experts, this tool is created by Hispanic cybercriminals (or at least people who are trying to be like the Spaniards).

So why is it called “Mask” or Careto? As it turned out, the Argentines do not really know this word. “Spaniards say it is popular word is slang denoting a mask. Or an ugly face”, says Vitali Kamlyuk - a leading anti-virus expert in Kaspersky Lab. “Argentines say that it was some unfamiliar word to them. Therefore, it is not quite clear which country sands behind this virus”.

Moreover, the Kaspersky specialists assume that “Mask” is not a creation of some enthusiastic hackers, but a seriously developed malware, which may be delivered for any country’s secret service.

“We think that this level of professionalism goes far beyond conventional cybercrime”, says Kostin Raju, head of Global Research Center at Kaspersky Lab. “To achieve this, you need to have huge resources and work for a large company or the government. We believe that creators of the virus worked for the state; and not just because that they have created such a complex system, but also because it is not aimed at making profit. This is what every cybercriminal wants - to earn a lot of money. In this case however, the money did not matter”, Raju resumed.

Presumably, “Mask” started to act in 2007. Moreover, many of its modules were already known; they participated in many of the so-called “targeted attacks”. These are the cases when a Trojan does not walk freely in the network and steals data from anybody, but is sent to a specific victim, often in the form of letters from an infected link. In case of  “Mask”, the links looked quite trustworthy, for example, YouTube links.

In addition, “Mask” worked on all existing operating systems, including Mac OS, Windows, Linux, and even supposedly on mobile systems. Data exchange between the program modules was carried out through ‘cookie’ files. Virus had infected at least 380 computers in 31 countries. What is more, for some reason, Morocco is in the first place by the number of infections. Brazil is on the second place, and the United Kingdom holds the third position. According to Kaspersky Lab experts, all the infected victims had access to classified information.