Flame and Stuxnet cousin targets Lebanese bank customers, carries mysterious payload

August 11, 2012

Various distribution of infections by Stuxnet, DuQu, Flame and Gauss (credit: Kaspersky Lab)

A newly uncovered espionage tool, apparently designed by the same people behind the state-sponsored Flame malware that infiltrated machines in Iran, has been found infecting systems in other countries in the Middle East, according to researchers, Wired Threat Level reports.

The malware targets accounts at several banks in Lebanon, including the Bank of Beirut, EBLF, BlomBank, ByblosBank, FransaBank and Credit Libanais. It also targets customers of Citibank and PayPal.

Aside from 1,660 infections in Lebanon, 482 are in Israel and 261 are in the Palestinain territories, and 43 are in the U.S. Only one infection has been found in Iran. The majority of victims infected by Gauss use the Windows 7 operating system.