Russian security firm Kaspersky Lab has uncovered a new piece of malware that shares alarming similarities to Flame and Stuxnet, and is targeting online banking users and social networkers in the Middle East.
The firm reported the malware shared a similar code base to Flame, a hyper-complex piece of malware designed for cyber espionage that Kaspersky helped uncover earlier in 2012.
"Gauss bears a striking resemblance to Flame, with its design and code base, which enabled us to discover the malicious program. Similar to Flame and Duqu, Gauss is a complex cyber-espionage toolkit, with its design emphasising stealth and secrecy; however, its purpose was different than Flame or Duqu," said Alexander Gostev, chief security expert at Kaspersky Lab.
"Gauss targets multiple users in select countries to steal large amounts of data, with a specific focus on banking and financial information."
Kaspersky claims that like Flame, Gauss is likely a nation-state sponsored malware attack and is designed to steal sensitive data from its targets. The malware's specific banking focus differentiates it from Flame and Stuxnet, which are both believed to have been designed with a more specific political aim.
As well as financial information, Kaspersky reported that Gauss can steal login passwords, take control of USB sticks and list the contents of drives and folders.
The full scale of the Gauss attack radius remains unknown. Kaspersky claimed it has already detected around 2,500 machines infected with the malware and estimates thousands others may also be infected.
The malware is the latest in a long line of cyber espionage campaigns to be discovered targeting the Middle East. Prior to Gauss, Kaspersky also discovered the less sophisticated Madi malware targeting the region.
Geoengineering on the sea floor near glaciers would form a new ice shelf to prevent melting
Alterations in capillary blood flow can be caused by body position change
Curiosity rover is in 'normal mode' but not transmitting scientific data back to base
NatWest outage comes a day after Barclays' IT systems shut out customers and staff