Third malware instance connected to Canadian intelligence service documents discovered.
Another member of the cartoon malware family, Casper, has been discovered, following in the footsteps of Babar and EvilBunny. G DATA security experts believe that Casper is the successor to Babar and EvilBunny and was developed by the same programmers, potentially with connections to the French intelligence service. Information about the malware initially came from documents from the Canadian intelligence service CSEC, which came to light as part of the Snowden revelations.

However, Casper shows interesting differences from its predecessors. The malware is designed to be modular, so that the appropriate software for the target can be downloaded, and it includes a tactic for combatting security solutions. Babar was already capable of identifying the security solution installed on the system. Casper goes a step further: besides identifying the solution, it can initiate various strategies to circumvent detection.

Analysis has shown that Casper uses a security hole (zero-day exploit) in Adobe Flash Player to access the computer. The malware receives its commands from a website registered to the Syrian Ministry of Justice, a site on which Syrian citizens can complain about legal infringements.