Apr 1, 2015

Newly discovered malware is reportedly being used to collect information from targets linked to the gas, helium, and petroleum industries throughout the Middle East.

According to Symantec, devices affected by the malware were found mostly in the United Arab Emirates, Saudi Arabia, Pakistan, Kuwait, and other countries in the Middle East. It was also found, however, on devices in the United States and the United Kingdom.

The malware is spread via malicious attachments sent alongside emails from the "moneytransfer.eu" domain. Once those attachments are opened, a tool called Trojan.Laziok is installed; if it determines the target is worth surveilling, it then installs Backdoor.Cyberat and Trojan.Zbot to collect as much data as possible.

Symantec doesn't speculate about who is behind the malware, but it does note that the group likely isn't very sophisticated. As it explains:

The group behind the attack does not seem to be particularly advanced, as they exploited an old vulnerability and used their attack to distribute well-known threats that are available in the underground market. However, many people still fail to apply patches for vulnerabilities that are several years old, leaving themselves open to attacks of this kind. From the attacker’s perspective, they don’t always need to have the latest tools at their disposal to succeed. All they need is a bit of help from the user and a lapse in security operations through the failure to patch.

It's not clear what the malware's creators are seeking, but the targeting of energy companies in the Middle East suggests that whoever's behind the surveillance does business with the companies, or is at least concerned with their activities.