Did you know that it is not uncommon for older malware threats to receive updates that make them more vicious than ever?
Believe it or not, the common practice of taking older malware threats and reintroducing them as a much more venomous iteration has found its way to malware such as the Mahdi threat. Mahdi, translated as 'Messiah' in Arabic, was once known to be a large-scale malware outbreak in the Middle East region of the world. Mahdi also refers to a Shiite central theological idea foretelling that Mahdi, the redeemer, would appear before the Day of Judgment. Such a parallel could be misconstrued because Mahdi is anything but a 'redeemer'.
Mahdi was known as a threat packing a serious payload aimed at file attachments, where it would record keystrokes and even isolate and save passwords among other logging actions when initiated. Mahdi, much like a keylogger threat, took data recording and keystroke logging to another level by essentially giving hackers a tool for stealing information stored on an infected computer. There was a time that Mahdi could be controlled remotely, but it has now taken on the face of a serpent.
Just last week, security researchers from Kaspersky Lab spotted Mahdi uploading the recorded data it hijacks from infected PCs directly to a server without waiting for instructions. The older variant of Mahdi would await instructions from a command and control server before carrying out malicious actions. The newer Mahdi has been reworked so that it can carry out data theft and upload the results all on its own.
What is probably the most disturbing characteristic of the newest variant of Mahdi is that it can now be used to steal information from critical infrastructure. Coincidentally, the newer version of Mahdi was found to be a culprit in a campaign to pilfer and transmit captured data from government agencies, financial outlets and, more specifically, Middle Eastern critical infrastructure engineering firms.
You can think of Mahdi as the 'Messiah' of data theft when in the wrong hands.
A particular text file, Mahdi.txt, is a malicious Word document spread by the parasite. Through Mahdi's new self-contained instruction set, it may be used to capture screenshots, record audio, log keystrokes and even gather data from documents, including email correspondence. Mahdi is basically relentless and spares no one in its data theft escapade. Mahdi could very well be the ultimate spyware parasite in the realm of threats designed to steal information from other systems.
Have you ever suspected a malware or spyware threat of recording every move you make on your computer? What if it was the threat Mahdi, which has the capability to send all recorded computer actions to a remote server where it may be used for who knows what? Would such an incident prompt you to utilize security software to keep your system protected?