I was really shocked to know the information released by Symantic about a malware by name Regin. It even says that this malware was wild enough infecting computers since 2008. Did all the antivirus or scanning software miss from discovering this malware? How was Regin malware undetectable, though it was infecting computers since 2008?Â
How was Regin malware undetectable, though it was infecting computers since 2008?
According to Symantec, Regin is a top-level espionage tool that allows secret surveillance. This security risk shows a degree of technical capability that is not often seen. The malware has been used in intelligence work operations against infrastructure operators, governments, researchers, businesses, and private individuals. Regin is an advanced piece of malware that has been utilized in systematic spying campaigns against a variety of international targets since no less than 2008.
Regin is a complex backdoor-type Trojan whose assembly shows a degree of technical expertise that is infrequently seen. Armed with a massive variety of capabilities depending on the target, this Trojan gives its controllers with a strong structure for mass surveillance. It is apparent that the development of this Trojan took months to complete, if not years.
And the authors have done all things to cover or conceal its tracks. See the image below and check how Symantec outlined Regin in a new technical whitepaper. They called Regin as Backdoor.Regin which they described as a multi-staged threat where every stage is encrypted or hidden. See image.
Also, the level of resources and capabilities at the back of Regin signify that it is one of the major cyber espionage tools used by a nation or a state.