Careto: The Mask Malware

There is your garden variety malware and then there is the stuff that “state actors” can create and manage. The recently discovered Careto, aka The Mask, is sophisticated and dangerous, the kind of malware that the national spy agencies in the US, UK, Russia, China et al would have.

Moreover, with versions that target the major operating systems, both mobile and desktop, Careto is a special kind of evil that doesn’t discriminate.

What makes [Careto] special is the complexity of the toolset used by the attackers. This includes an extremely sophisticated malware, a rootkit, a bootkit, 32- and 64-bit Windows versions, Mac OS X and Linux versions and possibly versions for Android and iPad/iPhone (Apple iOS) — Kaspersky Labs (pdf)

However, as with the vast majority of malware, it requires positive interaction from the user/victim to work. Although targeted “spear phishing” emails are used to deliver it, the victim still needs to interact with the content (i.e. click a link) for bad things to happen.

When active in a victim system, [Careto] can intercept network traffic, keystrokes, Skype conversations, PGP keys, analyse WiFi traffic, fetch all information from Nokia devices, screen captures and monitor all file operations — Kaspersky

Unlike ordinary workaday malware, Careto employs sophisticated emails that are specifically targeted at the user. For example, many people receive and read daily news summaries from online newspapers, and Careto has targeted victims with email newsletters that closely mimic those of the UK’s (liberal) Guardian newspaper.

That said, Careto seems to have something of an anti-liberal bias, as to date it has been targeted at governments, universities and activists.

Careto: Your Tax Dollars at Work?

Further, the attack vectors and malware payloads used are currently not detected by commercial anti-virus products, such as Kaspersky’s.

“If the NSA didn’t build Careto, it’s a safe bet that they have something like it,” writes Timothy B. Lee of The Washington Post. “And, intelligence agencies in China, Russia and other great powers are likely working on software like it too.”

Careto is sophisticated and powerful malware that was likely created by a well-resourced spy agency, like the NSA. And the punchline? Careto has been in circulation for seven years. Wow.

About the only good thing one can say about Careto is that it doesn’t seem to be interested, at least not yet, in victims’ credit card and bank information…

What’s your take?