Dino malware 'had targets in Iran'
French-made malware uncovered by ESET
Security firm ESET has uncovered a sophisticated Trojan that it claims targeted Iranian subjects during 2013.
Named Dino, the malware is thought to have been made by the so-called Animal Farm group, which also created the Trojans Bunny, Babar and Casper, and is rumoured to be an arm of the French intelligence service.
According to ESET, "Dino's main goal seems to be the exfiltration of files from its targets".
"Roughly, Dino can be described as an elaborate backdoor built in a modular fashion," said ESET malware researcher Joan Calvet in a blog post.
"Among its technical innovations, there is a custom file system to execute commands in a stealthy fashion, and a complex task-scheduling module working in a similar way to the 'cron' Unix command.
"Interestingly, the binary contains a lot of verbose error messages, allowing us to see Dino's developers' choice of wording. Also, a few technical artefacts suggest that Dino was authored by native French speakers."
Calvet added that "the amount of shared code between Dino and known Animal Farm malware leaves very little doubt that Dino belongs to Amimal Farm's Arsenal.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Slides from the Communication Security Establishment Canada (CSEC), leaked by Edward Snowden and which first shone a light on the Animal Farm trojans, show the Canadians also believed "with moderate certainty" that Dino et al were created by French intelligence services.
ESET was able to say little on who Dino was designed to target, other than these targets were Iran in 2013, but as it is now in the wild, all systems may be at risk.
Indicators of a compromise can be found at the bottom of Calvet's blog.
Jane McCallion is ITPro's Managing Editor, specializing in data centers and enterprise IT infrastructure. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.
Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.