Home / Early Warning / Cybersecurity Highlights / Malware infects foreign embassies in Iran

Malware infects foreign embassies in Iran

02/04/2019

Kaspersky Lab has warned of several attempts to infect foreign embassies in Iran with a home-made program, which appears to use a Remexi malware backdoor update along with several legitimate tools.

Malware is capable of executing commands remotely, making screenshots, obtaining browser data, including user access credentials and history. The data obtained is filtered using the legitimate Microsoft Background Intelligent Transfer Service (BITS).

This malware was first detected in 2015 and used by the cyberspionage group Chafer in a surveillance operation targeting individuals and organizations in the Middle East.