The trojan worm named ‘Backdoor.Regin’ is involved in password and data theft, capturing screenshots from infected computers, network traffic monitoring and analysing email.
The security firm says the virus targets computers in 10 countries, a majority in Russia and Saudi Arabia but five percent of the infections have been traced to India.
“Regin has targeted mostly private individuals and small businesses, but also telecom, hospitality, energy, airline and research firms,” said Symantec in a statement.
With several stealth features, anti forensics, custom encryption, it is a “highly-complex threat which has been used in systematic data collection or intelligence gathering campaigns”.
Regin has two versions, Version 1 which worked from 2008 and was withdrawn in 2011, and the second version that has been silently infecting computers since 2013.
Almost 30% of the attacks are on telecom companies and “attacks on telecoms companies appear to be designed to gain access to calls being routed through their infrastructure”, Symantec noted.
The country responsible for the worm has not been named until now.
Source: Hindustan Times