Researchers at security firms Kaspersky Lab and Crysys Lab released tools today to detect if your computer is infected by the Gauss virus, a piece of malware that focuses on stealing bank account login credentials.
Gauss was discovered yesterday by Kaspersky Lab, and its function is to steal access credentials to Lebanese banks. These include the Bank of Beirut, BlomBank, EBLF, ByblosBank, Credit Libanais, and FransaBank. It also steals information for Citibank and PayPal. On top of that, the malware grabs browser history, cookies, passwords, system configurations, and more. Researchers have not been able to get much information about the builders themselves, as the command and control servers were shut down, leaving the malware in limbo.
Gauss is related to a number of high-profile viruses including Stuxnet, which became famous after attacking nuclear plants in Iran in 2010, and its sister malware, Duqu. It is also related to the recently infamous Flame, which has been referred to as a major advancement in cyberespionage.
Gauss is more closely related to Flame. Kaspersky says the two share nearly identical features and were built from the same code base. The firm says Stuxnet’s creators probably worked closely with those of Gauss and may have even shared source code.
Find the Kaspersky detector here and the Crysys detector here.
via The New York Times