(LiveHacking.Com) – Kaspersky Lab has found a new piece of malware that is linked with the various nation-state cyber-espionage malware including Stuxnet, Duqu, Flame and Gauss. Although found all over the world, these malware attacks have specifically targeted the Middle East. Previous analysis of the Flame malware led Kaspersky Lab that there was some form of collaboration between the groups that developed Flame, Stuxnet and Duqu. Further research prompted the discovery of the previously unknown malware called Gauss which uses a modular structure resembling that of Flame, has a similar code base and uses the same system for communicating with its C&C servers. The made the whole family: Flame, Stuxnet, Duqu and Gauss.
Now Kaspersky Lab has discovered miniFlame. This new malware is based on the Flame platform and can be operated as part of Flame, but it can also be run as independently, without the main Flame modules installed.
“The SPE malware, is a small, fully functional espionage module designed for data theft and direct access to infected systems. If Flame and Gauss were massive spy operations, infecting thousands of users, miniFlame/SPE is a high precision, surgical attack tool,” wrote GReAT a Kaspersky Lab Expert.
Kaspersky Lab have also discovered that miniFlame can also be used in together with Gauss. It has also been assumed that Flame and Gauss were parallel projects but different as they did not have any common modules or common C&C servers. The fact that miniFlame works with both of these malware projects, proves that that they come from the same authors.
Like the others in the family, miniFlame is targeting the Middle East. Flame attacks where found mainly in Iran and Sudan, while Gauss was mostly present in Lebanon. However miniFlame does not have a clear geographical bias but there are reports from Lebanon, Palestine, Iran, Kuwait and Qatar.
Kaspersky Lab have a a Full Technical Paper on miniFlame here.