Powerful, Sneaky Malware Called Regin Has Been Spreading Since 2008

Regin’s five infiltration stages. Graphic from Symantec.

Symantec, the cybersecurity company that makes Norton AntiVirus, released research on Sunday, Nov. 23, 2014, about a sophisticated piece of malware called Regin that has been circulating since 2008, most likely as a digital espionage tool built for a government.

Regin was active from 2008 to 2011, then vanished until a new version surfaced in 2013. It’s been going strong ever since. Symantec found infections in 10 countries, including Russia, Saudi Arabia, Ireland, and Mexico, and 48 percent of the infected machines belonged to private individuals or small businesses. So, yeah, it’s around.

Regin is extremely complex; Symantec estimates that it would have taken months, if not years, to develop, even for a well-resourced government team. The malware is “a back door-type Trojan,” meaning that once it is on a machine its operators can, among other things, harvest passwords, copy files, and capture screenshots of the compromised computer. What impresses researchers is both how effective it is and how much discipline its developers must have shown to build something this stealthy.

Symantec said in its report, “[Regin] provides its controllers with a powerful framework for mass surveillance and has been used in spying operations against government organizations, infrastructure operators, businesses, researchers, and private individuals.”

Symantec says that Regin’s layered, multistage design has some similarities to the Stuxnet worm, which is widely believed to have been developed by the United States and Israel.*

The whole thing sounds pretty intimidating, but Vikram Thakur of Symantec had one (sort of) reassuring thing to say to BBC News:

We think the piece of malware … is capable of targeting just about anybody who connects to the internet as of today; however, we don’t believe that this tool is actually being used to target individuals at home. Considering the level of sophistication and the amount of work which has been put into creating this little tool, it’s evident that the powers behind it or the nation state which may have created this is only interested in specific individuals and businesses out there, not mass surveillance.

OK, so you’re probably not being targeted by Regin. But if you are, whoever is behind it has quiet, remote control of your machine: your passwords, your files, whatever is on your screen.

*Correction, Nov. 24, 2014: This post originally misspelled Israel.