Malware

Dino Malware exposed: Found Spying on Iran and Syria

July 1, 2015

2 minute read

Links traced to “Animal Farm” group and State Sponsored cyber criminals who already have targeted Syrian and Iranian computers in 2013.

Bratislava, Slovakia-based security firm ESET’s researchers have identified a very sophisticated Trojan that attacked Iranian and Syrian subjects in 2013 while rumor is that the group is a secret wing of the French Intelligence service.

The Trojan has been named Dino because it was supposedly created by the so-called Animal Farm Group, which also created other Trojans like Bunny, Casper and Babar. Casper malware’s claim to fame is that it was involved in a large-scale attack on computer systems in Syria last fall.

ESET claims that “Dino’s main goal seems to be the exfiltration of files from its targets”.

In a blog post from ESET researcher Joan Calvet, Dino malware was described as,

“An elaborate backdoor built in a modular fashion. We believe this malicious software has been developed by the Animal Farm espionage group, who also created the infamous Casper, Bunny and Babar malware.”

Calvet further added that “the amount of shared code between Dino and known Animal Farm malware leaves very little doubt that Dino belongs to Animal Farm’s Arsenal.”

Dino malware was recently mentioned by researchers at Kaspersky as well and they described it as a “full featured espionage platform that comes with fabriqué en France” stamp on it.”

According to Kaspersky, Dino is distributed by a malware package called Tafacalou. The vast majority of Tafacalou victims have been in Syria, Iran, and Malaysia—with the US and China trailing far behind.

The analysis of Dino’s code was based on a sample that infected Iranian computer systems in 2013.

Joan Calvet writes that “Among its technical innovations, there is a custom file system to execute commands in a stealthy fashion, and a complex task scheduling module working in a similar way to the ‘cron’ Unix command. Interestingly, the binary contains a lot of verbose error messages, allowing us to see Dino’s developers’ choice of wording. Also, Dino contains interesting technical features, and also a few hints that the developers are French speaking.”

It is apparent that Dino shares quite a few of its attributes with the “Animal Farm” malware family and it can be termed as an improvised version of the techniques of “Babar,” which was the intelligence-gathering software implant of the previous generation.

ESET

Author

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

2 minute read

SDK Security Flaw Puts 100 Million Android Users Vulnerable to Backdoor Attack

A software development kit that has been provided by Baidu (A Chinese search engine) can easily be exploited…

byAgan Uzunovic

November 6, 2015

2 minute read

New SystemBC malware targets Windows PCs by evading detection

While finding and removing malware on your computer system may indeed be a joyous moment, there's a new malware out there that will give you a headache instead. To know why, a dive through is needed into SystemBC, a malware written in C++ that has been discovered by researchers at Proofpoint and dubbed so because the word is a part of the URI path found in one of the malware's advertisements.

bySudais Asif

August 4, 2019