CASPER Surveillance Malware Linked to French Government
Last month, cyber security researchers spotted a new strain of french surveillance malware, dubbed "Babar," which revealed that even French Government and its spying agency the General Directorate for External Security (DGSE) is dedicatedly involved in conducting surveillance operation just like the United States NSA and United Kingdom GCHQ.

A powerful piece of surveillance malware, known as "Casper," has recently been discovered by the Canadian security researchers that once again point fingers at the French government.

The newly discovered sophisticated Casper surveillance malware is believed to be developed by France based hacking group suspected to have ties with the French government, according to the report published by Motherboard.

Report suggests that French hacking group have developed 'Swiss Army knife of spying tools' which has been used by French government to conduct multiple espionage campaigns over the last few years.

Casper is a 'recognition tool', designed to profile its targets and determine whether the victim is of interest for further surveillance or not. Casper surveillance malware was used as an initial program before deploying any advance persistent malware into the targeted computers for espionage purpose.

In April 2014, Casper surveillance malware was especially hosted on a hacked Syrian Government's Ministry of Justice website to infect its targets by exploiting two Flash Player zero-day vulnerabilities that were not known publicly at that time.

Syrian Ministry of Justice website which was set up in 2011 by the government for citizens to send complaints to the Bashar al-Assad regime. Casper malware was hosted in a folder on the website and users who accessed that folder were infected by the surveillance malware.

These kind of zero-day exploits, in some way, open doors for hackers to collect information from the target computers and cost Millions of Dollars in exploit market. It is believed that Casper surveillance malware is created by experts with significant financial resources i.e. State-sponsored.

After analyzing the code fragments of a Casper malware, researchers found numerous similarities between Casper surveillance malware and the Babar.

Babar, is an advance malware developed in 2009, capable of eavesdropping on online conversations which held via Skype, MSN and Yahoo messenger, and records and transfers keystrokes, clipboard data, and monitors which websites an infected user has visited.
Babar was used against Iranian nuclear research institutes and universities, and European financial institutions. It was previously mentioned in a slideshow leaked by NSA whistleblower Edward Snowden, where it was linked to French Government by the Canadian intelligence agency.

Casper, on other hand, is the mature version of the Babar and is literally a ghost spy program. Once infected, Casper surveillance malware gather all the "intelligence information" about the target computer and sends them back to the control center without ever revealing its presence.

If a victim was found interesting and worthy of further hacking, Casper surveillance malware enabled the hackers to deploy additional malware, such as Babar, through a built-in platform for plugins.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.