Kaspersky Lab in Russia and Seculert in Israel said the malware, found on more than 800 PCs operated by critical infrastructure companies, financial institutions and government agencies, has been siphoning e-mails, passwords, computer files and nearby conversations, ArsTechnica.com reported Tuesday.
The researchers have dubbed the malware Madi or Mahdi, which in Islam is synonymous with Messiah, because of several code strings and handles used by the attackers.
The discovery evoked comparisons to the Flame malware used to disrupt Iran's nuclear program, but both Kaspersky and Seculert said the malware contained amateur coding practices and relied on the gullibility of its victims, whereas Flame contained world-class cryptographic breakthroughs and other techniques that suggested state-sponsored developers.
"While we couldn't find a direct connection between the campaigns, the targeted victims of Mahdi include critical infrastructure companies, financial services and government embassies, which are all located in Iran, Israel and several other Middle Eastern countries," Seculert said. "It is still unclear whether this is a state-sponsored attack or not."
Madi can log keystrokes, capture screenshots and steal any messages sent to or from a variety of widely used services, including Gmail, Hotmail, Yahoo! Mail, Skype or ICQ, the researchers said.