Announcement of 09. March 2015

Casper spyware uses security hole to access computers

Third malware instance connected to Canadian intelligence service documents discovered.

Another member of the cartoon malware family – Casper – has been discovered, following in the footsteps of Babar and EvilBunny. G DATA security experts believe that Casper is the successor to Babar and EvilBunny and was developed by the same programmers – potentially with connections to the French intelligence service. Information about the malware initially came from documents from the Canadian intelligence service CSEC, which came to light as part of the Snowden revelations. However, Casper shows interesting differences to its predecessors. The malware is designed to be modular, so that the appropriate software for the target can be downloaded, and it includes a tactic for combatting security solutions. Babar was already capable of identifying the security solution installed on the system. Casper goes a step further: besides identifying the solution, it can initiate various strategies to circumvent detection. Analysis has shown that Casper uses a security hole (zero-day exploit) in Adobe Flash Player to access the computer. The malware receives its commands from a website registered to the Syrian Ministry of Justice. Syrian citizens can complain about legal infringements on this website.

You can find detailed information about Casper in the G DATA SecurityBlog.

  

Click here for an analysis of the Babar malware.

Media:

Files:

Announcement of 09. March 2015

G DATA Software AG
G DATA Campus
Königsallee 178
D-44799 Bochum

Phone: +49 234 9762-239
E-Mail: presse@remove-this.gdata.de

Hauke Gierow
Press spokesperson

Contact

Hauke Gierow

Phone: +49 234 9762-665
hauke.gierow@remove-this.gdata.de

Kathrin Beckert-Plewka
Public Relations Manager

Contact

Kathrin Beckert-Plewka

Phone: +49 234 9762-507
kathrin.beckert@remove-this.gdata.de

Stefan Karpenstein
Public Relations Manager

Contact

Stefan Karpenstein

Phone: +49 234 9762-517
stefan.karpenstein@remove-this.gdata.de

Vera Haake
Spokesperson for event & location communication

Contact

Vera Haake

Phone: +49 234 9762-376
vera.haake@remove-this.gdata.de