A sophisticated type of malicious code capable of collecting personal user information, such as emails, documents, audio and location data, has been detected on thousands of computers across the Middle East and Europe, several cyber-security firms announced on Monday.
Dubbed variously "Flame," "Flamer," and "SkyWiper," the code takes screenshots of infected computers and captures network traffic and can send it to its operators remotely.
"Flame," which at 20 MB is much larger in file size than many comparable attacks, is concentrated primarily on computers in Iran, according to Russian cyber-security firm Kaspersky Labs, which detailed its analysis of the malware in a report on Monday.
As Kaspersky explained in a statement:
"Although the features of Flame differ compared with those of previous notable cyber weapons such as Duqu and Stuxnet, the geography of attacks, use of specific software vulnerabilities, and the fact that only selected computers are being targeted all indicate that Flame belongs to the same category of super-cyberweapons."
Another security firm, Hungary-based CrySyS Labs, noted in its report that the code was "the most sophisticated malware we encountered during our practice; arguably, it is the most complex malware ever found."
The Iranian National Computer Emergency Response Team posted a notice on Monday suggesting that Flame was to blame for "recent incidents of mass data loss."
It's unclear at this point who or which organization is behind the new threat. Due to its complexity and sophistication, it is suspected that a nation state is behind Flame. The malware was first spotted on computers in Europe in 2007, according to CrySyS Labs.