A newly uncovered cyber-espionage malware tool is turning PCs into listening posts, enabling attackers to listen into conversations and take photos using the compromised machine.
Dubbed InvisiMole, the campaign has been active since 2013 but has only just been uncovered- highlighting the especially stealthy nature of the attacks.
The malware has been detailed by researchers at ESET[1], after being discovered on compromised computers in Ukraine and Russia. It's believed that the campaign is highly targeted, with just a few dozen computers affected, but that the targets are high-profile and high-value to the attackers.
ESET said the malware turns the affected computer "into a video camera[2], letting the attackers see and hear what's going on in the victim's office or wherever their device may be."
Those behind the campaign have managed to cover their tracks so well, that researchers are unsure who is behind InvisiMole, but one thing is for certain: the powerful nature of the tool puts it up there with spying campaigns conducted by some of the most sophisticated groups.
"InvisiMole is fully-equipped spyware whose rich capabilities can surely compete with other espionage tools seen in the wild," said Zuzana Hromcová, malware analyst at ESET.
Such is the under-the-radar nature of InvisiMole that researchers are still uncertain about how the payload is delivered target machines, with all infection vectors currently deemed possible, including physical access to the computer itself.
What is known is that the malware is hidden within what's designed to look like software for providing compatibility between applications. This file - disguised to look as it belongs where it is stored - is what InvisiMole is run from and used to compromise the system.
See also: What is malware? Everything you need