Zerosecurity
Unveiling the mask V1.0

Paul Anderson by Paul Anderson
July 14, 2016 - Updated on May 20, 2022
in Downloads, Paper Downloads

Unveiling the mask V1.0, pdf write-up, and analysis by Kaspersky Labs.

Excerpt from the writeup:

The Mask is an advanced threat actor that has been involved in cyber-espionage operations since at least 2007. The name “Mask” comes from the Spanish slang word “Careto” (“Ugly Face” or “Mask”) which the authors included in some of the malware modules.

More than 380 unique victims in 31 countries have been observed to date. What makes “The Mask” special is the complexity of the toolset used by the attackers. This includes an extremely sophisticated malware, a rootkit, a bootkit, 32- and 64-bit Windows versions, Mac OS X and Linux versions, and possibly versions for Android and iPad/iPhone (Apple iOS).

The Mask also uses a customized attack against older versions of Kaspersky Lab products to hide in the system, putting them above Duqu in terms of sophistication and making it one of the most advanced threats at the moment. This and several other factors make us believe this could be a nation-state-sponsored campaign. When active in a victim system, The Mask can intercept network traffic, keystrokes, Skype conversations, and PGP keys, analyze WiFi traffic, fetch all information from Nokia devices, screen captures, and monitor all file operations.

The malware collects a large list of documents from the infected system, including encryption keys, VPN configurations, SSH keys, and RDP files. There are also several extensions being monitored that we have not been able to identify and could be related to custom military/government-level encryption tools. Based on artifacts found in the code, the authors of the Mask appear to be speaking the Spanish language.

Download paper

Paul Anderson

Editor-in-chief at ZeroSecurity. Expertise includes programming, malware analysis, and penetration testing. If you would like to write for ZeroSecurity, please click "Contact us" at the top of the page.

© 2022 ZeroSecurity, All Rights Reserved.