InvisiMole – Spyware Taking Pictures and Recording Audio

Mel Khamlichi, Founder of Osradar, from Amsterdam, Netherlands (http://www.osradar.com)

In the world of malware there are plenty of advanced pieces that are able to hide their identity and carry out illegal actions unnoticed for a long time. This time such a spyware has been detected: security researchers from ESET have recently discovered a spyware named "InvisiMole" that has been doing its job for the last 5 years!

InvisiMole spied on a very small number of targets in Ukraine and Russia. The origin of the malware is still unclear, but it is believed to be an advanced cyber-espionage tool, either financially motivated or nation-state backed.

That assessment rests on its capabilities and on how rarely it appears in the wild. InvisiMole infected only a few computers and has powerful features that generally take months to develop properly. That is why it is not suspected of being the work of an individual smash-and-grab cyber-criminal.

InvisiMole – very silent thief

Apart from the malware's binary files, there is hardly any information on how it spreads, who is behind it, or where it is in use.

According to ESET researcher Zuzana Hromcová, the spyware's telemetry data indicates that the actor(s) behind the malware have been active since 2013 and went undiscovered until recently, when ESET products detected it on compromised computers.

Unlike most other malware, this one leaves almost no clues about itself, because most of them have been wiped, which protects the identity of the actor(s). With the exception of one file (dating to 13 October 2013), all compilation dates were replaced with zeros.
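As an added defender-side example (not from the article or from ESET), a small Python triage check that reads a PE file's COFF TimeDateStamp and flags the zeroed compile timestamp described above; `make_stub` is a hypothetical helper that constructs a minimal header purely for demonstration, not a real executable.

```python
import struct
from datetime import datetime, timezone


def pe_timestamp(data: bytes):
    """Return the COFF TimeDateStamp of a PE image, or None if data is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    # e_lfanew at DOS header offset 0x3C points to the "PE\0\0" signature
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF header follows the 4-byte signature; TimeDateStamp is 4 bytes into it
    (ts,) = struct.unpack_from("<I", data, e_lfanew + 4 + 4)
    return ts


def triage(data: bytes) -> str:
    """Classify a binary by its compile timestamp: zeroed stamps are a wiping indicator."""
    ts = pe_timestamp(data)
    if ts is None:
        return "not-pe"
    if ts == 0:
        return "suspicious: zeroed compile timestamp"
    return "timestamp " + datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()


def make_stub(ts: int) -> bytes:
    """Constructed minimal PE header (DOS header + signature + COFF header) for testing."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSymbols, SizeOptHdr, Chars
    coff = struct.pack("<HHIIIHH", 0x14C, 0, ts, 0, 0, 0, 0)
    return dos + b"PE\0\0" + coff


if __name__ == "__main__":
    print(triage(make_stub(0)))           # zeroed, like the InvisiMole samples
    print(triage(make_stub(1381622400)))  # 13 October 2013, the one dated file
```

On real samples, replace `make_stub(...)` with the bytes read from the file; an all-zero stamp across a set of related binaries is a stronger signal than a single one.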

InvisiMole modules

The malware consists of two modules, each with its own set of spying features.

  • RC2FM

This is the smaller and less capable of the two modules. It supports only 15 commands, which can alter the local system and search for and steal data. Some of the commands also allow turning the user's microphone and webcam on and off, recording audio or taking screenshots, monitoring local drives, and encoding audio into MP3 before sending it back to the command and control server.

This module is not as advanced as the second one, but it can extract proxy settings from browsers and use that configuration to send data to its command and control server.

  • RC2CL

This is the more powerful of InvisiMole's two modules, supporting 84 backdoor commands that cover almost anything an advanced spyware can do.

These include running remote shell commands, executing files, manipulating registry keys, extracting network information, disabling UAC, loading drivers, and more. Like the first module, it can also capture images via the webcam and record audio.

According to Hromcová, this module can also securely delete its own files once collection has taken place, which prevents forensic tools from recovering any remnants of them on disk.

Another distinctive feature is that RC2CL can act as a proxy, relaying the communication between the first module and the C&C server.

Above all, it is one of the most powerful spyware discovered to date and probably the best one around on the internet.
