The Gyges, is a malware that seems to have been designed to spy on public organizations and government infrastructures. According to the latest figures, he seems to have changed hands after using cyber criminals at the moment.
The malicious one software ανακαλύφθηκε το Μάρτη του 2014 από την Sentinel Labs. Οι researchers they used reverse engineering to analyze its components and capabilities.
According to the company, Gyges can be considered as an early example of spyware malware that has been reshaped and improved by adding new modules to malicious users.
Sentinel Labs calls the threat "Invisible Malware", or in English "Invisible Malware" because of the complex mechanisms of data falsification that it has to prevent its detection. Researchers say it uses rare injection techniques and only works when the user is inactive.
In addition, it appears to be able to bypass sandbox security products and is resistant to debugging and reverse engineering. All of this, coupled with data capture (keystroke logging, screenshots) and escape features, makes it easy for criminals who have fallen into their hands to use it as a starting point.
Sentinel Labs said it detected traces of government malware code in malware used in malicious campaigns designed to blackmail its victims through encryptionς των δεδομένων του, αλλά και για τραπεζικές scams.
The origin of this code is likely to be Russia, and it could have been created to spy on governmental organizations and services.
The sophisticated Gyges code was created for a specific purpose. For governmental espionage attacks, however, it appears that the government service that used it did not manage to control it.
Brandon Hoffman, CTO of RedSeal Networks, says defense techniques should be revised and improved, just as new releases are being redesigned to increase their functionality and complexity.
RedSeal Networks is a provider of end-to-end and analytics networking services designed to prevent cyber attacks.
You can read the whole report of Sentinel Labs from here (PDF)