The virus, dubbed “Regin,” was created to employ a five-phase method for mass surveillance and appears to be a cyber espionage tool of a nation state, Symantec said Sunday.
The company says the bug “displays a degree of technical competence rarely seen” and uses the remote access tool Trojan to take over mouse functions, steal passwords, monitor network traffic and recover deleted files.
Attacks have been observed since at least 2008, with nearly half of Regin infections targeted information from small companies and citizens, according to Symantec.
Researchers identified Russia, Saudi Arabia, Mexico, Ireland, India, Afghanistan, Iran, Belgium, Austria and Pakistan as the countries where the malware infections occurred.