Researchers have discovered a new version of the infamous Flame Trojan

The Flame malware was considered dead after it was discovered by experts from Kaspersky Lab in 2012. Flame is a complex set of tools designed to conduct espionage on a nation-state scale. After the public exposure, Flame's operators attempted to cover their tracks by erasing traces of the malware from infected computers, most of which were located in the Middle East and North Africa.

Now, specialists from Chronicle Security, which is part of Alphabet, have found traces of a modified version of Flame. It is assumed that the Trojan was actively used by cybercriminals from 2014 to 2016. The researchers say that the attackers did not destroy the malware but redesigned it, making it more complex and invisible to security tools.

Experts also found traces of the sophisticated malware Stuxnet, which was used in 2007 to sabotage the nuclear program in Iran. They believe that Stuxnet and Flame have similarities, which may indicate the origin of the Trojans. Experts believe that Flame was developed in Israel and the United States, and that the malware itself was used for spying. It should be noted that at the time of its detection, Flame was the first modular platform whose components could be replaced depending on the features of the attacked system.

Researchers now have new tools that help them look for traces of past attacks and shed light on some of them. As a result, they were able to find files that were compiled in early 2014, about a year and a half after Flame was exposed. It is noted that at that time no anti-virus program identified these files as malicious. The modular Trojan has many features that allow it to carry out espionage. For example, it can turn on the microphone of an infected device to record conversations taking place nearby.

Unfortunately, the researchers were unable to uncover the full capabilities of Flame 2.0, the updated version of the dangerous Trojan. It is protected with encryption, which prevented the specialists from studying its components in detail. The question of the capabilities and distribution methods of Flame 2.0 therefore remains open.




Source: 3dnews.ru
