Malware, which has been dubbed Madi, has targeted more than 800 victims in Israel, Iran and Afghanistan, and may be the latest form of cyber-espionage to hit the Middle East.
According to the International Business Times, the malware hits specific victims including employees of critical infrastructure companies, financial services and government embassies, which are mainly located in Middle Eastern countries.
It is not clear if this is a state-sponsored campaign like Stuxnet and Flame, but the company that spotted it, Seculert, said that it would need a huge amount of dosh to build.
The attack starts as a simple spearphishing attack targeting victims in the Middle East.
Malware was embedded within documents, such as text files and PowerPoint presentations, sent to specific victims. Once a document was opened, the malware would install itself on the victim’s PC and connect with one of four Command and Control (C&C) servers around the world – including in Canada and Iran.
Kaspersky Lab said that the Trojan invites remote attackers to an all-you-can-eat buffet of sensitive files.
Nicolas Brulez, Senior Malware Researcher at Kaspersky Lab, said that Madi attackers have been able to conduct a sustained spying operation against high-profile victims.
While the way it got into the systems was amateurish and rudimentary, this might have been part of a cunning plan to help the malware fly under the radar and evade detection.
Whoever wrote the code was fluent in Persian. It is impossible to say for certain where this malware originated, and considering the range of countries targeted, it could suggest a perpetrator outside the Middle East.
Stuxnet and Flame were written by the US and Israel, according to a political leak, but given that this attack seemed to have Israeli targets, the same authorship is unlikely for Madi.