A newly uncovered espionage tool, apparently designed by the same people behind the state-sponsored Flame malware that infiltrated machines in Iran, has been found infecting systems in other countries in the Middle East, according to researchers, Wired Threat Level reports.

The malware targets accounts at several banks in Lebanon, including the Bank of Beirut, EBLF, BlomBank, ByblosBank, FransaBank and Credit Libanais. It also targets customers of Citibank and PayPal.

Aside from 1,660 infections in Lebanon, 482 are in Israel and 261 are in the Palestinain territories, and 43 are in the U.S. Only one infection has been found in Iran. The majority of victims infected by Gauss use the Windows 7 operating system.