
After five years, the InvisiMole spyware isn't so invisible anymore

20 Jun 2018

A small number of webcams in offices and homes are being targeted by a spyware dubbed InvisiMole, which has been active (and hidden) since at least 2013.

Security firm ESET posted an alert about the spyware last week, and says the malware has only stayed hidden for so long because it is highly targeted.

InvisiMole is able to turn the affected computer into a video camera, which allows the attackers to see and hear what’s going on around their intended victim. Attackers can then closely monitor the victim’s activities and steal the victim’s secrets.

According to ESET senior research fellow Nick FitzGerald, the telemetry behind the malware suggests it is at least five years old, but it wasn’t detected or analysed until it was discovered on computers in Ukraine and Russia.

The malware so far has a low infection rate, with only a few dozen computers reported to be compromised; however, ESET warns that it is still a fully-equipped spyware that can easily compete with other espionage tools.

FitzGerald explains how InvisiMole works:

“InvisiMole has a modular architecture, starting with a wrapper DLL and performing its spying activities using two other modules that are embedded in its resources. Both of these modules are feature-rich backdoors, which, together, provide the ability to gather as much information about the target as possible. Extra measures are taken to avoid attracting the attention of the compromised user, letting the malware reside on the system for longer.”

“The malware can also intrude on the victim’s privacy by taking screenshots, which is another of the backdoor commands. The malware also monitors all fixed and removable drives mapped on the local system. Whenever a new drive is inserted, it creates a list of all the files on the drive and stores it encrypted in a file,” he says.

ESET further explains that the malware can also be instructed to look for recently used documents or other interesting files.

“The malware sniffs around interesting places on the system, reads recent documents or even modifies some files. This leaves traces on the system and could raise the victim’s suspicions as the time of the last access or modification of the files is changed with each such activity. To prevent this, the malware always restores the original file access or modification times, so that the user is unaware of its operation.”
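The timestamp restoration FitzGerald describes is why file access and modification times alone are weak forensic evidence. One check a defender can still run on POSIX filesystems: the inode change time (st_ctime) is updated by the kernel on every content or metadata change and cannot be set through utime(), so a file whose atime/mtime were put back after it was read or altered ends up with a ctime much newer than its mtime. The script below is an added example written for this article, not ESET's code or anything from the InvisiMole report; the file names, the one-month offset and the two-second tolerance are constructed for the demonstration, and it simulates the restored timestamps with os.utime() so the check has something to flag.

```python
import os
import shutil
import tempfile
import time

# Added example (not from the article or ESET). On POSIX filesystems the
# kernel bumps st_ctime on any content or metadata change, and utime() can
# only set atime/mtime. A file that was modified and then had its old
# mtime put back therefore shows ctime noticeably later than mtime.
# (NTFS keeps comparable evidence in $FILE_NAME vs $STANDARD_INFORMATION,
# which this script does not examine.)

TOLERANCE_S = 2.0  # constructed: slack for normal write/close latency


def suspicious_timestamps(path, tolerance_s=TOLERANCE_S):
    """True when the inode change time is later than mtime by more than tolerance."""
    st = os.stat(path)
    return (st.st_ctime - st.st_mtime) > tolerance_s


def scan_tree(root, tolerance_s=TOLERANCE_S):
    """Walk a directory tree and return sorted paths whose timestamps look reset."""
    flagged = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                if suspicious_timestamps(path, tolerance_s):
                    flagged.append(path)
            except OSError:
                # unreadable or vanished file: skip rather than abort the scan
                continue
    return sorted(flagged)


def build_demo_dir():
    """Create a constructed sample tree: one untouched file, one with mtime put back."""
    root = tempfile.mkdtemp(prefix="timestamp_demo_")

    # Ordinary file: written now, so ctime and mtime agree.
    normal = os.path.join(root, "report.docx")  # constructed name
    with open(normal, "w") as fh:
        fh.write("quarterly figures\n")

    # Simulated case from the article: content changed now, then the old
    # access/modification times restored so the user sees nothing new.
    restored = os.path.join(root, "notes.txt")  # constructed name
    with open(restored, "w") as fh:
        fh.write("meeting notes\n")
    a_month_ago = time.time() - 30 * 24 * 3600
    os.utime(restored, (a_month_ago, a_month_ago))  # cannot touch ctime

    return root


def run_demo():
    """Build the sample tree, scan it, clean up, and return flagged basenames."""
    root = build_demo_dir()
    try:
        return [os.path.basename(p) for p in scan_tree(root)]
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print("files with restored-looking timestamps:", run_demo())
```

The check is a triage signal, not proof: archive extraction, package installs, chmod/chown and renames all legitimately leave ctime newer than mtime, so flagged paths still need context (who wrote them, whether a process was seen reading them) before they mean anything.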

FitzGerald adds that attackers can collect all of this data, and notes that the route into a machine is not limited to one method: “All infection vectors are possible, including installation facilitated by physical access to the machine.”
