A stunningly advanced malware threat has been targeting government institutions, diplomatic offices, energy companies, private equity firms, activists, and more for five years now, infecting at least 380 unique victims across 31 countries, Kaspersky security researchers have revealed. They're calling the virus "Careto" (meaning "mask" or "ugly face"), because the word crops up in some of the code. The hackers' professionalism and care in covering their tracks "make us believe this could be a state-sponsored operation," the researchers write.
Computers are infected via spearphishing emails, which point users to seemingly innocuous links to reputable sites like YouTube or the Washington Post. Once the device—be it PC, Mac, or even smartphone—is infected, the unwitting user is quickly redirected to the site they assumed they were clicking on. The virus has been most active in Morocco and Brazil, followed by the UK, Spain, France, Switzerland, Libya, the US, and Iran. Kaspersky identified a Paris-based firm called Vupen as being responsible for one of the exploits the Mask employs. Vupen discovered the Flash flaw in a 2012 hacking competition, but, in a controversial move, chose not to reveal it, saying it would sell it instead. Asked about the revelation, the company told Reuters, "Believe it or not, but there are many other companies selling" such exploits.