Cybersecurity researchers at ESET have discovered a versatile spyware called InvisiMole that has been active for the past five years.
The company's security products recently spotted the advanced cyberespionage software, which targets Windows PCs in Russia and Ukraine for nation-state hacking or financially motivated cyber-attacks.
The malicious code can turn on the victim's camera, record videos, and take pictures without being detected.
Apart from spying, the malware can also be used to inspect the PC for system information, running services, active processes, and networking information, to scan wireless networks, to track geolocation, to monitor specific drives, and more. These activities are performed using two component modules, RC2FM and RC2CL.
The spyware has a modular architecture that starts with a DLL wrapper. After the wrapper runs, it uses two other feature-rich backdoor modules at the same time, which increases its capability to tunnel deep into machines.
“Common backdoors often support commands such as file system operations, file execution, registry key manipulation or remote shell activation,” ESET researchers said. “This spyware supports all of these instructions and a whole lot more – its 84 commands provide the attackers with all they need to look at their victims more closely.”
According to the researchers, the malware remained unnoticed for so long because of its low infection rate and high sophistication.
“The campaign is highly targeted – no wonder the malware has a low infection ratio, with only a few dozen computers being affected.”