The Gauss virus is likely state-sponsored, Russian security firm Kaspersky Lab said, and appears to have been coded by the same team that wrote Flame, data-mining malware designed to stealthily spy on computers in Iran, TG Daily reported Thursday.
Gauss has been detected on approximately 2,500 computers so far, with the majority of the computer infections seemingly confined to Lebanon.
Gauss appears to have been programmed to steal specific information, including log-in credentials for bank accounts.
Several of Lebanon's more prestigious banks have already been targeted, such as the Bank of Beirut, BlomBank, ByblosBank, Credit Libanais and FransaBank, Kaspersky researchers said.
"We have never seen any malware target such a specific range of banks," Kaspersky spokesman Costin Raiu told The New York Times.
"Generally cyber criminals target as many banks as possible to maximize financial profit, but this is a very focused cyber-espionage campaign targeting certain users of online banking systems," he said.
Gauss was authored by the same team as the Flame and Stuxnet viruses, as they all share similar code, Raiu said.
"There is absolutely no doubt that Gauss and Flame were printed by the same factories. And an early version of Stuxnet used a module from Flame, which shows they are connected. Stuxnet was created by a nation-state -- it simply could not have been designed without nation-state support -- which means Flame and Gauss were created with nation-state support as well."