Another Flame-related malware module thought to have been actively targeting governments and critical infrastructure industries has been unearthed, according to Kaspersky Labs.
The IT security company reported discovering the new Flame variant, codenamed miniFlame, while analysing a number of Command and Control servers used by Flame's creators on Monday.
Believed to only be targeting a handful of networks, Kaspersky was quick to warn that despite being far smaller than Flame, the miniFlame malware is still incredibly dangerous.
"The SPE malware, which we call ‘miniFlame', is a small, fully functional espionage module designed for data theft and direct access to infected systems," wrote a Kaspersky researcher.
"If Flame and Gauss were massive spy operations, infecting thousands of users, miniFlame/SPE is a high-precision, surgical attack tool."
MiniFlame is reportedly doubly dangerous as it can work as a module of the larger Flame and Gauss malwares, or as a standalone cyber espionage tool in its own right.
"MiniFlame is in fact based on the Flame platform, but is implemented as an independent module. It can operate either independently, without the main modules of Flame in the system, or as a component controlled by Flame," wrote a Kaspersky researcher.
Kaspersky went on to cite the discovery of miniFlame as further proof that the authors of Flame are still active and creating new malware.
"The discovery of miniFlame, which works with both these espionage projects, proves that we were right when we concluded that they had come out of the same ‘cyber-weapon factory'," read the Kaspersky blog post.
"We believe that the developers of miniFlame created dozens of different modifications of the program. At this time, we have only found six of these, dated 2010-11."
Kaspersky clarified that despite being related, miniFlame's target list is radically different to the main Flame malware's.
"Unlike Flame, where the vast majority of incidents were recorded in Iran and Sudan, and unlike Gauss, which was mostly present in Lebanon, SPE [miniFlame] does not have a clear geographical bias," wrote a Kaspersky researcher.
Flame was originally uncovered in May targeting Iranian computer systems. The malware drew widespread concerns within the security industry regarding its advanced espionage capabilities.
The full scale of Flame and its overarching implications remains unknown, despite the ongoing joint research campaign being mounted by several security vendors including Kaspersky and Symantec.
"With Flame, Gauss and miniFlame, we have probably only scratched surface of the massive cyber-spy operations ongoing in the Middle East," Kaspersky added.
"Their true and full purpose remains obscure and the identities of the victims and attackers remain unknown."
Since being uncovered the existence of threats like Flame has been used as evidence that governments and businesses must change their attitude towards cyber security.
Most recently, RSA executive chairman Arthur Coviello highlighted the malware's existence as proof that businesses must begin adopting an intelligence-based, rather than perimeter-based, defence strategy.
Some parts of Atacama have not received rainfall for 500 years - but a sudden deluge of water upset the Desert's delicate biological balance
Spitzer Space Telescope could not spot Oumuamua, suggesting that it is actually pretty small
Greenland crater one of the 25 largest impact craters on Earth
This long-sought progenitor star was identified in an image captured by Hubble in 2007