The Mask AKA Careto Espionage Malware

The New Acunetix V12 Engine


So the latest buzz going around is caused by a hacking group that appears to be Spanish and is called The Mask or Careto.

The reason there is a fair amount of buzz is their next level espionage malware that has been targeting government institutions, diplomatic offices and embassies, energy, oil and gas companies, research organizations and activists.

And the crazy part? It’s been in operation over SEVEN YEARS, without detection.

A recently discovered hacking group called “The Mask” has set a new standard for malware used in sophisticated attacks against government agencies, industry and research organizations, experts say.

On Monday, Kaspersky Lab reported discovering the advanced Spanish-speaking group that has been involved in cyberespionage since at least 2007.

The Mask, aka Careto, has targeted government institutions, diplomatic offices and embassies, energy, oil and gas companies, research organizations and activists in 31 countries from the Middle East and Europe to Africa and the Americas.

The hackers’ mission is to steal sensitive data, but the capabilities of their malware go far beyond pilfering documents. It can also take from networks various encryption keys and authentication keys used in machine-to-machine communications.

“Basically, everything secured and confidential easily becomes available and in a plain text,” Dmitry Bestuzhen, head of the research center for Kaspersky Lab in Latin America, said Tuesday.

Versions of the malware were found for Windows, Mac OS X and Linux. Other versions are believed to be capable of infecting Android and iOS mobile devices.

The Mask has built malware that has set a new standard for other hackers to emulate, security experts say.


The implication that’s its likely a Spanish sourced attack is the targets are predominantly Spanish speaking nations and infections in places like Morocco and Gibraltar are on the list.

It’s a fairly cross platform attack as well with Windows, Mac, Linux and even possibly mobile versions for iOS and Android.

The discovery of The Mask, which experts say is likely working for a nation-state, is expected to spark a cyber-arms race, Bestuzhev said.

“They certainly will invest more money in new exploit development, trying to align their cyber-arms to the same level as their potential adversaries,” he said.

To infect systems, the group started with emails designed to get the recipient to click on a link to a malicious website. The site contained a number of exploits that were downloaded based on the configuration of the visitor’s computer.

Following the infection, the visitor was redirected to the benign website referenced in the email, which could be a YouTube movie or news portal.

Because the malware was designed to evade anti-virus software, the best defense would be to catch the malicious app after it is installed.

“This malware highlights how critical it is to audit SSH (machine-to-machine authentication) keys, minimize their number, and regularly change them,” Ylonen said.

Kevin Coleman, strategic management consultant for SilverRhino, which specializes in IT security for U.S. government agencies, favored technology that monitors software behavior in the network and warns of unusual activity.

Organizations should also monitor outbound traffic and make sure it is going to known IP addresses, Coleman said.

It also grabs all kinds of goodies like encryption keys making ‘secure’ communications not so secure any more.

I’ll be interested to see if any more technical details about it come out, or even possibly if the binaries get posted.

Soource: Network World

Posted in: Malware, Privacy

, ,


Latest Posts:


Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.
Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.


Comments are closed.