Gyges is a malware that appears to have been designed to spy on public organizations and government infrastructure. According to the latest findings, it seems to have since changed hands and is now being used by cyber criminals.
The malware was discovered in March 2014 by Sentinel Labs. The researchers used reverse engineering to analyze its components and capabilities.
According to the company, Gyges can be seen as an early example of state-sponsored espionage malware that was repurposed and improved by criminal users, who added new components of their own.
Sentinel Labs calls the threat "Invisible Malware" because of the complex evasion mechanisms it uses to avoid detection. The researchers say it uses rare injection techniques and only runs while the user is inactive.
In addition, it appears to be able to bypass the sandboxes of security products and is resistant to debugging and reverse engineering. All of this, combined with the data collection it performs (keystroke logging, screenshots) and its evasion capabilities, makes it an attractive starting point for the criminals who get hold of it.
Sentinel Labs said traces of the government malware were found in malicious software used in campaigns designed to extort victims by encrypting their data, as well as in bank fraud.
The code likely originates from Russia, and it could have been created to spy on governmental organizations and services.
The sophisticated Gyges code was created for a specific purpose: governmental espionage attacks. However, it appears that the government service that used it did not manage to keep control of it.
Brandon Hoffman, CTO of RedSeal Networks, says defense techniques should be revised and improved, just as new malware releases are being redesigned to increase their functionality and complexity.
RedSeal Networks is a provider of end-to-end network visibility and analytics services aimed at preventing cyber attacks.
You can read the full Sentinel Labs report here (PDF).