
Madi malware still active, updated

Malware that targeted Iran and Israel recently modified and still in operation, says Kaspersky

The Madi malware has increased the capabilities and scope of its monitoring.

The ‘Madi’ malware that was detected carrying out espionage attacks against targets in Iran and Israel last week is still active, according to security researchers.

Kaspersky Lab has warned that a new version of Madi has been discovered, despite command and control networks having been disabled. Nicolas Brulez, Kaspersky Lab Expert, writing on the Securelist blog, said a new version dated 25th July had been found.

The new version appears to have been modified, and now connects to a new command and control server located in Canada. Experts had thought that the malware was inactive once the command network was taken down.

The new version of the Trojan has also been modified to provide new capabilities. Madi can now monitor the Russian VKontakte social network and the Jabber communications platform. The list of monitored keywords has been expanded, and now includes visits to pages that have ‘USA’ and ‘gov’ in their titles.

Madi also no longer waits for commands from the control server before uploading; it now uploads stolen data to the server right away.

The UAE Telecommunications Regulatory Authority has also confirmed that some infections with Madi were detected in the country, albeit on a very small scale.
