Another Flame-related malware module thought to have been actively targeting governments and critical infrastructure industries has been unearthed, according to Kaspersky Labs.
The IT security company reported discovering the new Flame variant, codenamed miniFlame, while analysing a number of Command and Control servers used by Flame's creators on Monday.
Believed to only be targeting a handful of networks, Kaspersky was quick to warn that despite being far smaller than Flame, the miniFlame malware is still incredibly dangerous.
"The SPE malware, which we call ‘miniFlame', is a small, fully functional espionage module designed for data theft and direct access to infected systems," wrote a Kaspersky researcher.
"If Flame and Gauss were massive spy operations, infecting thousands of users, miniFlame/SPE is a high-precision, surgical attack tool."
MiniFlame is reportedly doubly dangerous as it can work as a module of the larger Flame and Gauss malwares, or as a standalone cyber espionage tool in its own right.
"MiniFlame is in fact based on the Flame platform, but is implemented as an independent module. It can operate either independently, without the main modules of Flame in the system, or as a component controlled by Flame," wrote a Kaspersky researcher.
Kaspersky went on to cite the discovery of miniFlame as further proof that the authors of Flame are still active and creating new malware.
"The discovery of miniFlame, which works with both these espionage projects, proves that we were right when we concluded that they had come out of the same ‘cyber-weapon factory'," read the Kaspersky blog post.
"We believe that the developers of miniFlame created dozens of different modifications of the program. At this time, we have only found six of these, dated 2010-11."
Kaspersky clarified that despite being related, miniFlame's target list is radically different to the main Flame malware's.
"Unlike Flame, where the vast majority of incidents were recorded in Iran and Sudan, and unlike Gauss, which was mostly present in Lebanon, SPE [miniFlame] does not have a clear geographical bias," wrote a Kaspersky researcher.
Flame was originally uncovered in May targeting Iranian computer systems. The malware drew widespread concerns within the security industry regarding its advanced espionage capabilities.
The full scale of Flame and its overarching implications remains unknown, despite the ongoing joint research campaign being mounted by several security vendors including Kaspersky and Symantec.
"With Flame, Gauss and miniFlame, we have probably only scratched surface of the massive cyber-spy operations ongoing in the Middle East," Kaspersky added.
"Their true and full purpose remains obscure and the identities of the victims and attackers remain unknown."
Since being uncovered the existence of threats like Flame has been used as evidence that governments and businesses must change their attitude towards cyber security.
Most recently, RSA executive chairman Arthur Coviello highlighted the malware's existence as proof that businesses must begin adopting an intelligence-based, rather than perimeter-based, defence strategy.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago