The Mask: Scary New Face of Internet Intrusion
Ultra-sophisticated attack tool might have originated from a state-sponsored intelligence service.
Kaspersky Labs has announced the discovery of an advanced cyber-espionage tool. The tool, which is known as Careto or "The Mask," appears to have been created by a Spanish-speaking native. Experts believe Careto was developed to attack targets such as diplomatic institutions, government agencies, oil and gas companies, research organizations, and activist groups. The sophistication of the tool, and the pattern of victims discovered so far, has led some experts to speculate that Careto was developed by a state-sponsored spy agency. So far, researchers have identified victims in 31 countries.
Versions of Careto exist for Windows, Mac OS, and Linux systems. According to reports, the attacker sends a link through email that appears to come from a reputable source. When the victim clicks on the link, the target system is scanned for vulnerabilities, and Careto burrows in. The tool has a modular architecture, which means the attacker can upload new components to tailor the attack once Careto has infiltrated the network.
According to Kaspersky, "For the victims, an infection with Careto can be disastrous. Careto intercepts all communication channels and collects the most vital information from the victim's machine. Detection is extremely difficult because of stealth rootkit capabilities, built-in functionalities, and additional cyber-espionage modules."
Early versions of Careto date to 2007, and the tool was active until January of this year. Kaspersky says its investigation has caused the attacker's command and control servers for Careto to shut down in order to avoid discovery.
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Linux Servers Targeted by Akira Ransomware
A group of bad actors who have already extorted $42 million have their sights set on the Linux platform.
-
TUXEDO Computers Unveils Linux Laptop Featuring AMD Ryzen CPU
This latest release is the first laptop to include the new CPU from Ryzen and Linux preinstalled.
-
XZ Gets the All-Clear
The back door xz vulnerability has been officially reverted for Fedora 40 and versions 38 and 39 were never affected.
-
Canonical Collaborates with Qualcomm on New Venture
This new joint effort is geared toward bringing Ubuntu and Ubuntu Core to Qualcomm-powered devices.
-
Kodi 21.0 Open-Source Entertainment Hub Released
After a year of development, the award-winning Kodi cross-platform, media center software is now available with many new additions and improvements.
-
Linux Usage Increases in Two Key Areas
If market share is your thing, you'll be happy to know that Linux is on the rise in two areas that, if they keep climbing, could have serious meaning for Linux's future.
-
Vulnerability Discovered in xz Libraries
An urgent alert for Fedora 40 has been posted and users should pay attention.
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.
-
New Pentesting Distribution to Compete with Kali Linux
SnoopGod is now available for your testing needs