Casper ghost

ESET, known for its antivirus software, published a report about a new state sponsored malware named Casper, created by the authors of Babar and Evil Bunny …

The report says : “The espionage group behind the infamous eavesdropping cartoon malware strikes again. After Bunny and Babar the Elephant, the cyber criminals have developed their latest piece of malware – Casper. This first-stage reconnaissance tool is able to send a detailed report about the victim’s infected machine to its controller”.

“For the first time Casper was detected in mid-April 2014, when infecting a few victims in Syria. To pull this off, the attackers used 0-day exploits against the Flash application taking advantage of CVE-2014-0515 vulnerability. This information has helped cyber criminals to learn the details about the infected machine in order to decide about the next steps − all without being noticed”.

“Based on the observation and analysis of the malware, ESET researchers were able to confirm that the code matches the one used in Babar and Bunny malware. But Casper has gone a step further, adapting its strategy depending on which antivirus runs on the target machine“.

The DGSE, French Foreign Intelligence Service, is believed to be the author of Casper.