Government-grade malware in hacker hands

Summary: New research suggests that 'government-grade' malware designed to operate undetected on computer systems is in the hands of cybercriminals who are integrating it into rootkits and ransomware.


"Government-grade" malware, which lurks in computer systems undetected for long periods of time, is believed to be in the hands of hackers using it to make rootkits and ransomware more potent.

According to security researchers at Sentinel Labs, malware originally created for the purpose of government espionage, dubbed Gyges, is now undergoing a transformation: hackers are using the software to make their own rootkits and ransomware more sophisticated and harder to detect.

Gyges was discovered in March this year by Sentinel Labs Research Lab, as detailed within the company's latest intelligence report (.PDF). According to the report, the malware probably originated from Russia, and "is virtually invisible and capable of operating undetected for long periods of time."

"It comes to us as no surprise that this type of intelligence agency-grade malware would eventually fall into cybercriminals’ hands," Sentinel Labs states. "Gyges is an early example of how advanced techniques and code developed by governments for espionage are effectively being repurposed, modularized and coupled with other malware to commit cybercrime."

While Sentinel Labs was able to detect the government-grade malware with on-device heuristic sensors, many intrusion prevention systems would miss it. Gyges uses "sophisticated anti-tampering and anti-detection techniques," as well as lesser-known injection techniques. The malware waits for user inactivity before operating — in direct contrast to popular methods that activate when a user is active — which helps it avoid detection by sandbox-based security tools, since automated sandboxes typically simulate an active user rather than an idle one.

The malware also uses a hooking bypass technique that exploits a logic bug in Windows 7 and 8, both x86 and x64 versions, contains anti-debugging and anti-reverse-engineering defenses, and uses a "protector," Yoda, which obscures malicious activity by converting the application into sections.

Gyges can be bolted on to other malware, making malicious code more difficult to detect. While the researchers believe that Gyges may have been used in ransomware, such as CryptoLocker, they also believe that the code was designed to be a "carrier" for sophisticated attacks — such as the infiltration of government systems in order to steal valuable and sensitive information. The carrier could be used to insinuate code into systems, which allows for keylogging, spying, screen capture and data theft.

By bolting the sophisticated code on to less sophisticated malware, such as rootkits and ransomware, rates of infection can be increased — as well as duration. This, in turn, can give cybercriminals a better return on investment if they are tacking on Gyges to make ransomware harder to detect and remove — which can then be used to force computer users to hand over financial data and pay unlock fees.

Sentinel Labs says:

The Gyges variant not only demonstrates the growing sophistication of malware, but more importantly shows how the lines are blurring between government-grade and mainstream attack code. The fact that "carrier" code can be "bolted on" to any type of malware to carry out invisible attacks is another indication that current approaches to security have reached their end of life for detecting advanced threats.

  • Snowden is a naive fool

    "According to the report, the malware probably originated from Russia, and "is virtually invisible and capable of operating undetected for long periods of time"

    The irony of Snowden hiding in Russia and appointing himself ultimate arbiter of what US intelligence can and cannot do continues to amaze. If this government-grade hacking technology originated in Russia, then it logically follows that Russia is hacking as much as anyone.

    Do all the apologists still think he's a hero for betraying one country while turning a blind eye to the activities of another?
    • I like the way you think

      I am amazed that this AHOLE is still alive.
      • You're too funny

        Snowden will not be killed. The WikiLeaks founder and Snowden are both sitting on information that is keeping them alive. A smart leaker knows to keep the really critical information for a dead-man trigger. On death, have key people release documents. Very simple. Unless the USA finds these people first, there is no way these gents will ever pay.
    • I think that he is a traitor

      He gave all of our secrets to the world as though we were not in a high stakes war with China and Russia that will have long lasting impacts on our industry, economy and military.

      He should be hunted down like a dog and be made to pay.
      Burger Meister
      • I think he is a hero

        Most non-technical people have no clue how anything works on cell phones or online. The fact that our government is performing the same ideas as those of the German SS, using programs to profile every person and who they are connected with, is just sickening. Add in the fact that most people don't understand the implications of this surveillance and assume they have nothing to hide. Freedom of speech is no more when you cannot say anything bad about your government for fear they will flag you as an activist or terrorist because of the Patriot Act. So tell me exactly why you support complete government control? Do you really believe that it's necessary to keep the USA safe? Let's look at the other elements: what about political manipulation, or the USA stealing technology and doing industrial espionage to ensure the US remains on top? Is that acceptable? I'm just saying that yes, some things are warranted, I agree, but there is more evil and harm that comes from this than anything that will keep you safe.
        • HERO

          I think he's a hero as well. He knew that he would be a wanted man and his life would never be the same again, but yet he acted as a true PATRIOT and told the American people that they were being illegally spied on by their government. Without Snowden, we would most likely all be going blindly about our business as our government created records on each and every one of us without reasonable cause. This in itself is against the constitutional amendments that are there to protect us from such intrusive acts by the government.
          Snowden, you are a true hero, and I thank you for your service to our country. Perhaps one day you can return to your home a free man.....
      • But

        If Snowden had released the information on Russia or China and fled to the States, you would say he is a hero. So I guess whether he is a hero or a traitor depends on what side you are on.
        • YES schultzycom. It's the absolute stock in trade around here.

          Russia is not a country with a good government, no doubt. They have some serious problems. But there are no perfect governments and they all have been seen to have an assortment of problems, some quite serious.

          But nonetheless, nobody ever figures around here that what's good for the goose is good for the gander. They hate what they hate and don't like to hear much of anything else. Logic isn't particularly important in the discussion.
      • Get serious

        These "high stakes" wars are just shows for the ignorant public. Behind the scenes, all these scum work together. China has been built up by the decision makers who sit above the U.S. government. Russia is helped along by the same Wall Street crowd.

        Snowden was a conduit to release information. Most of the population think he's a lone wolf. The U.S. gov could find a man on the moon and remove him from existence, if they wanted.

        As far as supplying China and Russia with secrets, recall the whole Lewinsky scandal. That was a distraction to keep the attention away from Clinton and his cronies supplying high military technology to the Chinese. If you want to get into treason, let's start there.
    • I can't believe you're so dumb... OK, yes I can!

      Who cares where something originated? It's got nought to do with it. Just because the country has a lot of intelligent, computer-literate programmers has absolutely nothing to do with any politics. The facts are that the country is relatively poor and these clever guys can earn a lot of money in their free market enterprise... Just a shame it affects you and me in a bad way. That said, there's nothing to say any code they're using isn't actually from the USA or others. Maybe Mr Snowden gave them some info into that... Don't shoot the messenger though. Unless you're saying he's the bad guy for telling us our systems were compromised years ago??? Surely the bad guys generated the code in the first place????
  • He was in a position to see the illegal activities going on...

    But not in a position to see the other.

    Logic is not your strong suit.
    • You are naive

      Even non-classified intelligence reports clearly indicate Russian and Chinese hacking capabilities. If he wasn't aware of these, then he is an idiot as well.
      Burger Meister
      • You are right

        They all know every country does it. But Snowden did not have access to China or Russia's intelligence agencies. He did however have access to the NSA, and he released documents showing what the government is doing to its own people. Not that everyone did not know, but most did not want to accept.
    • Nor yours, apparently. (nt)

    But he can extrapolate better than most of us as to what they were/are doing. Just like the Chinese may actually be doing it more than the Russians. Don't forget that China has companies set up here in the U.S. and that some/most of them do enough spying for their government.
    pc boss
    • And Russia doesn't?

      What about Kaspersky?

        What difference does it make what China and the Russians are doing? Does what they are doing make it OK for our government to spy on us? The Soviet Union and China have to get us to download spyware; our government only needs to get a court order, which they can do at the drop of a hat. I believe Snowden is a hero. The people in the U.S. were like a young woman who had been slipped a roofie: she did not know what was happening when it happened and might think something bad had happened, but not know who did it or when. We still don't know when, but we know what happened.
        earl harbeson
  • Definitely a hero.

    Who wants all their communications to be spied on and stored for future use?
  • Don't be amazed, be sad...

    Our country lost those capabilities decades ago. The tennis-for-lunch bunch that run the government, all graduates from the clown colleges Harvard & Yale, culled the cowboys from the community because they disliked them and were just plain afraid of them. Now they depend on special ops (organizationally top-heavy) or drone strikes (limited applications) to get anything done, which means nothing really necessary gets done, i.e. Snowden, Assange, Abdul Qadeer Khan, etc.

    The community just isn't what it used to be, and may never be again. You should feel sorry for the guys that let Snowden get out of Hong Kong alive; they just couldn't get a missile lock because of all the hanging laundry and noodle vendors, and the special ops were too busy in Afghanistan to stop by.

    Darn it, we'll get 'em next time.
    Makes Things
    • Hanging laundry and noodle vendors?

      Really? A stereotype of American Chinatowns from the 1920s? You are aware that Hong Kong was a pearl in the British necklace in Asia until 1997, aren't you?

      I can imagine the reverse stereotype in a Chinese comment about Huntsville: something about trailers and meth labs. We would be offended at that; and this remark is just as racist.