Security company Symantec has discovered an advanced trojan used for spying, called Regin. A complex piece of software, it has “been used in spying operations against government organizations, infrastructure operators, businesses, researchers, and private individuals,” says the firm. Regin is described as “truly groundbreaking and almost peerless.”
Regin has existed in two forms. The first existed from 2008 until 2011, and a second version emerged in 2013. While many institutions were infected by the spyware, almost half of Regin’s victims have been private individuals. Symantec is unsure exactly how Regin spreads, but it may be through fake versions of well-known websites, or through browser and application exploits (the type we report on regularly).
Regin is ‘highly customizable’, but has been seen to capture screenshots, take control of cursors, steal passwords, monitor traffic, and recover deleted files. Symantec reports that it is very hard to detect, and even when detected, very hard to see what it’s doing. The company is continuing its analysis of Regin and says it will report any further discoveries it makes about Regin’s capabilities.
Should you be worried about Regin? The geographical spread of its targets is broad, but almost half of discovered infections are concentrated in Russia and Saudi Arabia, with eight other countries (Pakistan, Austria, Belgium, Iran, Afghanistan, India, Ireland and Mexico) making up the rest. That Regin went undetected for so long makes it conceivable that there could be other spyware out there also monitoring individuals’ computers. As we reported last week, some governments do use spyware to monitor individuals like journalists and human rights defenders, and people connected to these professions are most at risk.
The best defense against spyware and malware is to keep your software up to date, be vigilant about what links you click, and be very skeptical about links and files from unsolicited sources.
Follow Jonathan on Twitter: @jonathanriggall