InvisiMole spyware turns affected computer into video camera

Brink

Brink

Administrator
Staff member
Local time
9:46 AM
Messages
74,883
Location
Oklahoma
This is the modus operandi of the two malicious components of InvisiMole. They turn the affected computer into a video camera, letting the attackers see and hear what’s going on in the victim’s office or wherever their device may be. Uninvited, InvisiMole’s operators access the system, closely monitoring the victim’s activities and stealing the victim’s secrets.

Our telemetry indicates that the malicious actors behind this malware have been active at least since 2013, yet the cyber-espionage tool was never analyzed nor detected until discovered by ESET products on compromised computers in Ukraine and Russia.

The campaign is highly targeted – no wonder the malware has a low infection ratio, with only a few dozen computers being affected.

InvisiMole has a modular architecture, starting its journey with a wrapper DLL, and performing its activities using two other modules that are embedded in its resources. Both of the modules are feature-rich backdoors, which together give it the ability to gather as much information about the target as possible.

Extra measures are taken to avoid attracting the attention of the compromised user, enabling the malware to reside on the system for a longer period of time. How the spyware was spread to the infected machines is yet to be determined by further investigation. All infection vectors are possible, including installation facilitated by physical access to the machine...

Conclusion

InvisiMole is fully-equipped spyware whose rich capabilities can surely compete with other espionage tools seen in the wild.

We can only wonder why the authors decided to use two modules with overlapping capabilities. One might think the smaller module, RC2FM, is used as an initial reconnaissance tool, while the bigger RC2CL module is only run on interesting targets. This is, however, not the case – both of the modules are launched simultaneously. Another possible explanation is that the modules might have been crafted by various authors and then bundled together to provide the malware operators a more complex range of functionalities.

The malware uses only a few techniques to avoid detection and analysis, yet, deployed against a very small number of high-value targets, it was able to stay under the radar for at least five years....
Click to expand...


Read more: InvisiMole spyware hunting for secrets while staying deep in the shadows

See also: malware-ioc/invisimole at master - eset/malware-ioc - GitHub
 

My Computer My Computer

At a glance

64-bit Windows 11 Pro for WorkstationsIntel i7-8700K OC'd to 5 GHz64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600...ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Self built custom
OS
64-bit Windows 11 Pro for Workstations
CPU
Intel i7-8700K OC'd to 5 GHz
Motherboard
ASUS ROG Maximus XI Formula Z390
Memory
64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz
Graphics Card(s)
ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
Sound Card
Integrated
Monitor(s) Displays
2 x Samsung Odyssey G7 27"
Screen Resolution
2560x1440
Hard Drives
1TB Samsung 990 PRO M.2,
4TB Samsung 990 PRO PRO M.2,
TerraMaster F8 SSD Plus NAS
PSU
Seasonic Prime Titanium 850W
Case
Thermaltake Core P3
Cooling
Corsair Hydro H115i
Keyboard
Logitech wireless K800
Mouse
Logitech MX Master 4
Internet Speed
2 Gb/s Download and 100 Mb/s Upload
Antivirus
Malwarebyte Anti-Malware Premium
Browser
Google Chrome
Other Info
Logitech Z625 speaker system,
Logitech BRIO 4K Pro webcam,
HP Color LaserJet Pro MFP M477fdn,
APC SMART-UPS RT 1000 XL - SURT1000XLI,
Galaxy S23 Plus phone
And people wonder why I remove the webcam software on my notebook and put tape over the camera lens.
 

My Computer My Computer

At a glance

Win 7 Ultimate 64 bitIntel i7-3930KKingston HyperX Genesis 32GB Kit (8x4GB Modul...MSI R7850 Twin Frozr 2GD5/OC Radeon HD 7850 2...
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Build
OS
Win 7 Ultimate 64 bit
CPU
Intel i7-3930K
Motherboard
ASUS P9X79 WS
Memory
Kingston HyperX Genesis 32GB Kit (8x4GB Modules) 1600MHz DDR
Graphics Card(s)
MSI R7850 Twin Frozr 2GD5/OC Radeon HD 7850 2GB 256-bit GDDR
Sound Card
Asus Xonar Essence STX
Monitor(s) Displays
3x Asus VG248QE 24", Vizio 32" TV
Screen Resolution
1920 x 1080, ?
Hard Drives
Samsung 128GB 840 Pro SSD (1),
Samsung 4TB 850 EVO SSDs (4)
Samsung 4TB 850 EVO SSDs (16) external backup drives used in 2.5" hot swap bays in the computer.
PSU
Corsair HX750w
Case
Antec Two Hundred v2 (modified)
Cooling
Cooler Master GeminII S524 120mm (fan replaced with a 140mm)
Keyboard
Logitech G510s
Mouse
Logitech M525 (two in use)
Internet Speed
=< 32Mbps down, 8Mbps up
Antivirus
AVAST!, MBAM, SAS, Spybot S&D (all but MBAM free) Glary Util
Browser
IE11
Other Info
LSI 9211-8i HBA card (8 SATA III ports), 2.5" & 3.5" Hot Swap Bays, HooToo HT-CR001 PCI-E to USB 3.0 Internal Hub + 6 Slot Card Reader, and LG Model CH12LS28 BD-ROM Optical Drive. Also, ScanSnap S1500 ADF duplexing scanner, Canon 9000F flat bed scanner, Corsair SP2500 2.1 speakers, Samsung CLP 415nw laser color printer, Cyberpower PP2200SW UPS
Surprise, you're on Candid Camera. ;)
 

My Computer My Computer

At a glance

64-bit Windows 11 Pro for WorkstationsIntel i7-8700K OC'd to 5 GHz64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600...ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Self built custom
OS
64-bit Windows 11 Pro for Workstations
CPU
Intel i7-8700K OC'd to 5 GHz
Motherboard
ASUS ROG Maximus XI Formula Z390
Memory
64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz
Graphics Card(s)
ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
Sound Card
Integrated
Monitor(s) Displays
2 x Samsung Odyssey G7 27"
Screen Resolution
2560x1440
Hard Drives
1TB Samsung 990 PRO M.2,
4TB Samsung 990 PRO PRO M.2,
TerraMaster F8 SSD Plus NAS
PSU
Seasonic Prime Titanium 850W
Case
Thermaltake Core P3
Cooling
Corsair Hydro H115i
Keyboard
Logitech wireless K800
Mouse
Logitech MX Master 4
Internet Speed
2 Gb/s Download and 100 Mb/s Upload
Antivirus
Malwarebyte Anti-Malware Premium
Browser
Google Chrome
Other Info
Logitech Z625 speaker system,
Logitech BRIO 4K Pro webcam,
HP Color LaserJet Pro MFP M477fdn,
APC SMART-UPS RT 1000 XL - SURT1000XLI,
Galaxy S23 Plus phone

My Computer My Computer

At a glance

Win 7 HP SP1 64-bit Vista HB SP2 32-bit Linux...Intel(R) Pentium(R) CPU P6200 @ 2.13GHz4.00 GBIntel(R) Graphics Media Accelerator HD
Computer type
Laptop
Computer Manufacturer/Model Number
Fujitsu LIFEBOOK
OS
Win 7 HP SP1 64-bit Vista HB SP2 32-bit Linux Mint 18.3
CPU
Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Motherboard
FUJITSU FJNBB06
Memory
4.00 GB
Graphics Card(s)
Intel(R) Graphics Media Accelerator HD
Sound Card
[1] Realtek High Definition Audio [2] Intel(R) Display Audio
Screen Resolution
1366 x 768 x 32 bits (4294967296 colors) @ 59 Hz
Hard Drives
TOSHIBA MK5076GSX
Antivirus
AVG FREE
I use a simple plastic lens blocker to physically cover my lens. Sometimes the simplest solution (low tech) is the best solution.
 

My Computer My Computer

At a glance

Win 7 Home Prem x64 SP1AMD FX6350 Vishera 3.9Ghz16Gb Ballistix Sport 2x8Gb DDR3-1600nVidia GEForce 1050Ti 4mg
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Build
OS
Win 7 Home Prem x64 SP1
CPU
AMD FX6350 Vishera 3.9Ghz
Motherboard
ASUS M5A97 R2.0
Memory
16Gb Ballistix Sport 2x8Gb DDR3-1600
Graphics Card(s)
nVidia GEForce 1050Ti 4mg
Sound Card
on board Realtek HD w/Logitech 2.1 speakers
Monitor(s) Displays
AOC 2243w
Screen Resolution
1920x1080
Hard Drives
500g Samsung Evo 850 OS SSD,
250g Samsung Evo 850 SSD for data,
1Tb Toshiba SSD for b/u's.
PSU
Corsair CX750 modular
Case
MasterCooler Elite 330
Cooling
2x case, Coolermaster Viper CPU stack
Keyboard
ms wireless desktop 2000
Mouse
ms wireless desktop 2000
Internet Speed
Cable:Average about 250Mbps down, 25Mbps Up +/-
Antivirus
MSE, Cclnr, MwBytes, SA-S
Browser
IE11
Erm, Russia and the Ukraine affected - perhaps it's just Vladimir checking next years election results
 

My Computers My Computers

System One System Two

  • At a glance

    Windows 11 Pro x64 [Latest Release and Releas...Ryzen 9 5950X, 3.8 - 5.2 MHz64GB [2 x 32GB] DDR4 3200MHz4GB NVIDIA GEFORCE GTX 1650 Ti
    Computer type
    PC/Desktop
    Computer Manufacturer/Model Number
    ChillBlast - Custom to my design
    OS
    Windows 11 Pro x64 [Latest Release and Release Preview]
    CPU
    Ryzen 9 5950X, 3.8 - 5.2 MHz
    Motherboard
    Asus Prime X570-Pro
    Memory
    64GB [2 x 32GB] DDR4 3200MHz
    Graphics Card(s)
    4GB NVIDIA GEFORCE GTX 1650 Ti
    Sound Card
    On-board SPDIF to 5.1 System + HDMI [5.1 system]
    Monitor(s) Displays
    32" UHD 32 Bit HDR Monitor + 43" UHD 4K 32Bit HDR TV
    Screen Resolution
    2 x 3840 x 2160 @60Hz
    Hard Drives
    1TB M2 SSD OS, 500GB Fast Access SSD, 2 x 8TB Data + Various Externals from 1TB to 4TB, 10TB NAS
    PSU
    NZXT C750 80 PLUS Gold 750W Modular PSU
    Case
    Workstation Case [Matt Black]
    Cooling
    NZXT Kraken X63 280mm CPU Cooler +2x Quiet Case fans
    Keyboard
    Logitech Wireless MX Keys & K400 + others
    Mouse
    Logitech Wireless MX Master 3S
    Internet Speed
    920 MB Down 50 MB Up
    Antivirus
    BitDefender Total Security Pro
    Browser
    Chrome (always run latest Non-Beta)
    Other Info
    Also run ...
    Laptop - Quad 8GB - Windows 10 Pro x64
    Nexus 7 Android tablet x2
    Samsung 10.2" tablet
    Blackview TAB 8 4G Android Tablet c/w Keyboard
    Wacom Intuos Pro Medium Pen Pad
    Wacom Intuos Pro Small Pen Pad
    Wacom Expresskeys Remote
    Loopdeck+ Graphics Controller
    Shuttle Pro v2 Control

  • At a glance

    Windows 11 Pro x64 Latest RPIntel I7 10750H 5.0GHz32GB [2x16GB] DDR4 2933 MHznVidia GTX1650Ti 4 GB GDDR6
    Computer type
    Laptop
    System Manufacturer/Model Number
    Dell XPS 17 10750H
    OS
    Windows 11 Pro x64 Latest RP
    CPU
    Intel I7 10750H 5.0GHz
    Motherboard
    Dell XPS
    Memory
    32GB [2x16GB] DDR4 2933 MHz
    Graphics Card(s)
    nVidia GTX1650Ti 4 GB GDDR6
    Sound Card
    Stock [Realtek] 4 Speaker
    Monitor(s) Displays
    17" IPS UHD+ Infinity Edge Touchscreen
    Screen Resolution
    3840 x 2400
    Hard Drives
    2TB M2 NVMe, 4TB External + various 500GB & 1TB External NVMe (also have access to spinner HDD from
    PSU
    Stock
    Case
    Stock XPS Aluminium & Carbon Fibre
    Cooling
    Stock - Active Fan Control
    Keyboard
    Backlit + Various Logitech
    Mouse
    Stock Track Pad + Logitech MX Trackball
    Internet Speed
    72 MB Down 18MB Up
    Browser
    Chrome
    Other Info
    Also run ...
    Laptop - Quad 8GB - Windows 10 Pro x64
    Nexus 7 Android tablet x2
    10.2" tablet
    Sony Z3 Android Smartphone
    Wacom Intuos Pro Medium Pen Pad
    Wacom Intuos Pro Small Pen Pad
    Wacom Expresskeys Remote
    Loopdeck+ Graphics Controller
    Shuttle Pro v2 Control Pad
    10TB NAS
how is protecting/covering lens going to stop users from accessing your content ? I don't use any protection but my system notifies me when ever webcam gets turned on. My laptop is only open when I am working other time it just sleeps face down when I'm not. Only thing they will be able to access is dark keyboard, lol !
 

My Computer My Computer

At a glance

windows 7 ultimate x32T6670,8GB DDR3
Computer type
Laptop
Computer Manufacturer/Model Number
DELL
OS
windows 7 ultimate x32
CPU
T6670,
Motherboard
INTEL CORE 2 DUO, 0TFXK9
Memory
8GB DDR3
Screen Resolution
1366*768
Hard Drives
512GB SSD
Mouse
Logitech M165 w/sidebuttons
Internet Speed
30-150 mb/s
Antivirus
Bitdefender
Browser
FF, Opera GX
goodlad said:
how is protecting/covering lens going to stop users from accessing your content ? I don't use any protection but my system notifies me when ever webcam gets turned on. My laptop is only open when I am working other time it just sleeps face down when I'm not. Only thing they will be able to access is dark keyboard, lol !
Click to expand...

It won't. But the OP was about surreptitiously turning on your camera to spy on you and the goings on in the surrounding area. For desktop users a lens cover will protect from that. When you close your laptop you are effectively using a lens cover.
 

My Computer My Computer

At a glance

Win 7 Home Prem x64 SP1AMD FX6350 Vishera 3.9Ghz16Gb Ballistix Sport 2x8Gb DDR3-1600nVidia GEForce 1050Ti 4mg
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Build
OS
Win 7 Home Prem x64 SP1
CPU
AMD FX6350 Vishera 3.9Ghz
Motherboard
ASUS M5A97 R2.0
Memory
16Gb Ballistix Sport 2x8Gb DDR3-1600
Graphics Card(s)
nVidia GEForce 1050Ti 4mg
Sound Card
on board Realtek HD w/Logitech 2.1 speakers
Monitor(s) Displays
AOC 2243w
Screen Resolution
1920x1080
Hard Drives
500g Samsung Evo 850 OS SSD,
250g Samsung Evo 850 SSD for data,
1Tb Toshiba SSD for b/u's.
PSU
Corsair CX750 modular
Case
MasterCooler Elite 330
Cooling
2x case, Coolermaster Viper CPU stack
Keyboard
ms wireless desktop 2000
Mouse
ms wireless desktop 2000
Internet Speed
Cable:Average about 250Mbps down, 25Mbps Up +/-
Antivirus
MSE, Cclnr, MwBytes, SA-S
Browser
IE11
Not a big webcam or skype user, so I rarely use a webcam these days. When it's not being used on my desktop systems I keep it unplugged, and I don't even have the drivers enabled or software installed for it on my laptop.
 

My Computer My Computer

At a glance

Win 7 Ultimate, Win 8.1 Pro, Linux Mint 19 Ci...Intel i5 4690KCorsair Vengeance LP 32GB DDR3MSI GTX 1060 GAMING X 6GB
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Build
OS
Win 7 Ultimate, Win 8.1 Pro, Linux Mint 19 Cinnamon (All 64-Bit)
CPU
Intel i5 4690K
Motherboard
Gigabyte Z97X-UD3H
Memory
Corsair Vengeance LP 32GB DDR3
Graphics Card(s)
MSI GTX 1060 GAMING X 6GB
Sound Card
Onboard
Hard Drives
Samsung 850 EVO 250GB SSD (x2)
Samsung 860 EVO 1TB SSD (x2)
Crucial MX300 525GB SSD
WD Blue 2TB 5400rpm Intellipark Disabled (x2)
PSU
Corsair HX750i
Case
Phanteks Enthoo Pro
Cooling
CM Hyper 212 EVO on CPU, Noctua Redux NF-P14S 1500rpm (x6)
Keyboard
Corsair K70 RGB LUX
Mouse
Corsair Sabre RGB
Antivirus
Avast Free, MalwareBytes, SAS & CryptoPrevent
Browser
Chrome
Other Info
StarTech PEXESAT322I 2 Port PCI-E SATA Card
ASUS PCE-AC56 Dual-band AC1300 Wireless Card
Akasa FC.Six Manual Fan Controller
And a Partridge in a Pear Tree!
Because I'm paranoid my integrated camera is disabled in devise manager and the USB one is disconnected.
 

My Computers My Computers

System One System Two

  • At a glance

    Windows 7 pro/Windows 10 ProIntel i7 860 Quad core 2.8 ghz8 gbATI Radeon HD 5770 1 gb ram
    Computer type
    PC/Desktop
    Computer Manufacturer/Model Number
    HP Pavillion Elite HPE-250f
    OS
    Windows 7 pro/Windows 10 Pro
    CPU
    Intel i7 860 Quad core 2.8 ghz
    Memory
    8 gb
    Graphics Card(s)
    ATI Radeon HD 5770 1 gb ram
    Monitor(s) Displays
    Alienware 25 AW2521HF & Viewsonic
    Screen Resolution
    1920 x1080 & 1680x1050
    Hard Drives
    WD blue 1 tb & 500 gb.
    Browser
    FF of course.
    Other Info
    https://www.bestbuy.com/site/hp-pavilion-elite-desktop-intel-core-i7-processor-8gb-memory-1tb-hard-drive/9921493.p?skuId=9921493

  • At a glance

    Windows 2012 R2 Data center/Linux Minti3 9100 3.6GHz, 8M cache, 4C/4T8GB 2666MT/s DDR4 ECC UDIMM
    Computer type
    PC/Desktop
    System Manufacturer/Model Number
    Dell Poweredge T140
    OS
    Windows 2012 R2 Data center/Linux Mint
    CPU
    i3 9100 3.6GHz, 8M cache, 4C/4T
    Memory
    8GB 2666MT/s DDR4 ECC UDIMM
    Monitor(s) Displays
    Viewsonic
    Screen Resolution
    1680x1050
    Hard Drives
    1 TB & 750 GB
    Other Info
    https://www.dell.com/en-us/work/shop/productdetailstxn/poweredge-t140?~ck=bt
I recommend being very careful with any Smart Device such as your T.V. or any IOT devices.


Just because one turns off such options on a device doesn't necessary mean the options stay off.


Jack
 

My Computer My Computer

At a glance

Windows 10 Pro. 64/ version 1709 Windows 7 Pr...Intel i7-6800K @ 4.3Corsair Platinum 16 gig @2400EVGA GTX 1070 OC
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Home made Desktop
OS
Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
CPU
Intel i7-6800K @ 4.3
Motherboard
ASUS X-99 Deluxe II
Memory
Corsair Platinum 16 gig @2400
Graphics Card(s)
EVGA GTX 1070 OC
Monitor(s) Displays
Asus 27" LED LCD/VE278Q
Screen Resolution
1920-1080 or 1280-720 HDMI
Hard Drives
INTEL SSD 730-240 Gb Sata 3.0/
PSU
EVGA Platium 1200W
Case
Phanteks Luxe Tempered Glass 8 fans/ one radiator
Cooling
XSPC/ Water Cooled CPU
Keyboard
Das 4 Professional
Mouse
Logitech M705/MX Anywhere 2-S
Internet Speed
100 mbits
Antivirus
Microsoft Security Essentials/ Malwarebytes Premium 3.0/ SAS
Browser
I.E. 11 default/Firefox/ ISP Time Warner Cable/Spectrum
Other Info
LG BluRay Burner/
Sound system-KLipsch-THX/
Icy Dock ssd Hot Swap bays.
I bought a monitor that doesn't have a camera lens. So, unless there is software that can act as a camera even on my monitor, I'm guessing I'm safe. Especially as I'm Linux 90% of the time.
 

My Computer My Computer

At a glance

Windows 7 x64 SP1AMD Athlon 64 X2 6000+ / 3.0 GHz6 GB
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Gateway GT5656
OS
Windows 7 x64 SP1
CPU
AMD Athlon 64 X2 6000+ / 3.0 GHz
Motherboard
NVIDIA GeForce 6150 SE
Memory
6 GB
Monitor(s) Displays
Lenovo LED
Screen Resolution
1920 X 1080
Hard Drives
Windows on 500 GB spinner; Ubuntu 16 on Sandisk 250GB SSD; Bodhi5 on Samsung 250GB SSD; another old spinner for fooling around.
PSU
Original that came with computer
Keyboard
Logitech wireless
Mouse
Logitech wireless
Antivirus
Microsoft Sec Essentials
Browser
Vivaldi
You must log in or register to reply here.
Back
Top