Kaspersky Labs recently discovered new malware called “Gauss” with a module that aims to capture login credentials for Lebanese bank accounts. The targeted banks included Bank of Beirut, EBLF, Blom Bank, Byblos Bank, Fransabank, and Credit Libanais.
The article suggests the malware has been created by the US and Israeli governments and was not intended to steal money from client accounts, but rather to trace the source of funding to certain individuals (Hezbollah members I suppose).
The spyware, dubbed Gauss after a name found in one of its main files, also has a module that targets bank accounts in order to capture login credentials. The malware targets accounts at several banks in Lebanon, including the Bank of Beirut, EBLF, BlomBank, ByblosBank, FransaBank and Credit Libanais. It also targets customers of Citibank and PayPal.
The researchers don’t know if the attackers used the bank component in Gauss simply to spy on account transactions, or to steal money from targets. But given that the malware was almost certainly created by nation-state actors, its goal is likely not to steal for economic gain, but rather for counterintelligence purposes. Its aim, for instance, might be to monitor and trace the source of funding going to individuals or groups, or to sabotage political or other efforts by draining money from their accounts.
Still, that doesn’t seem like the only purpose for that malware, since the people at Kaspersky are still working to crack the larger part of its code and identify what it is responsible for.
Make sure to read the very interesting and worrying report from Wired.com here.
I know protecting your network from nation-state-created malware is quite hard, but I hope Lebanese banks are now taking the necessary measures to protect themselves from such attacks and eventually safeguard our information.
Thank you Ibrahim Lahoud