ESET researchers found the cyber spy campaign, targeted at Ukrainian public institutions, AIN.ua reports.

The perpetrators infect the computers of victims withQuasar RAT, Sobaken and Vermin viruses, which have a similar source code, through which they steal data and audio records of conversations from the victims’ computers.

The viruses are spread through phishing letters and have already infected computer networks of several hundreds of victims from different public institutions of Ukraine.    

Quasar represents a malware with the open source code, designed for tracking and stealing data from the infected system. Sobaken is the modified version of Quasar, in which some functions are absent, but the program file is of less size; that is why it is easier to conceal it.

Vermin is the most dangerous out of three viruses. Besides the fulfilment of standard tasks, such as the monitoring of what is happening on the screen, uploading files, it also contains a set of functions, which allow switching on audio record, stealing passwords and reading the keypresses.

It is noteworthy that the viruses are modified so that to work only with Russian or Ukrainian layout with IP addresses within Russia or Ukraine. If these conditions are not fulfilled, the virus will be independently deleted.

The specialists note that the campaign is at least active from October 2015. ESET oversees the activities of hackers from mid-2017, and in January 2018, it was reported about the campaign publicly; however, since then, its scales only progress.

Who is behind attacks is not known: the attackers, not having serious skills and access to unknown vulnerabilities of Day 0, expertly use the social engineering for unnoticeable spreading of viruses.

“It emphasizes the necessity of teaching the personnel cybersecurity skills, except for presence of the qualitative decision in security”, the analysts summarize.