A new piece of malware known as Regin is targeting small businesses, individuals, government entities and research institutes, according to a whitepaper released by California-based technology company Symantec.
“Regin is an extremely complex piece of software that can be customized with a wide range of different capabilities that can be deployed depending on the target,” the Symantec whitepaper states.
So, how does it work? Targets are lured to spoofed versions of well-known websites, where the threat can then be installed either through the web browser or applications. Symantec notes in its whitepaper that it could have originated from Yahoo! Instant Messenger.
Regin isn’t a new threat, but it is making a comeback with an ever-growing range of targets.
“Regin is a multi-purpose data collection tool which dates back several years,” the whitepaper states. “Symantec first began looking into this threat in the fall of 2013. Multiple versions of Regin were found in the wild, targeting several corporations, institutions, academics and individuals.”
Symantec reports that half of all cases specifically targeted small businesses and individuals. Telecom companies were also hit hard, since attacks on them allow access to calls routed through company infrastructure.
(RELATED STORY: http://www.wired.com/2014/11/mysteries-of-the-malware-regin/)