
G DATA: Babar spyware records all data

February 2015 by G DATA

G DATA SecurityLabs has been investigating a spyware sample that records and transfers keystrokes, clipboard data, monitor data and audio conversations, thus confirming the Snowden revelations concerning a French national spyware strain, documented by the Canadian intelligence service CSEC (Communication Security Establishment Canada). French newspaper Le Monde first reported the existence of these documents almost exactly a year ago. G DATA experts have now published the technical details for the first time, following the analysis of the Babar malware, which was conducted in tandem with other international security research agencies. The analysts were unable to determine whether the malware's control servers have been deliberately put into operation or have been compromised. In the experts’ opinion, building such software requires substantial investments in personnel and infrastructure. The level of complexity of the malware suggests that it originated from a secret service. The Canadian intelligence service believes the French secret service is behind Babar. G DATA security solutions detect and block the malware.

Background to the CSEC documents

In March 2014, the French daily newspaper Le Monde ran a report on documents from the Canadian intelligence service CSEC (Communication Security Establishment Canada) dated 2011, which came to light during the Edward Snowden revelations. German news magazine Der Spiegel took up the matter in January 2015 and published further contents from these documents - Operation Snowglobe.

What is Babar?

Babar is a Remote Administration Tool (RAT), the main function of which is to spy on data. According to the Canadian intelligence service, Babar was also the internal name of a national secret service operation called Snowglobe. Following the analysis of the EvilBunny malware in December 2014, this makes Babar the second malware strain to have been identified that is connected to the Snowglobe spyware campaign. The name "Babar" comes from a French series of children’s books whose hero is an elephant.

Because of their similarities, G DATA security experts are convinced that the two strains originate from the same developers.

Detailed technical information can be found here: https://blog.gdatasoftware.com/blog/article/babar-espionage-software-finally-found-and-put-under-the-microscope.html

