New research from Kaspersky Lab sheds light on a cyber-espionage campaign conducted by Chafer, an Iranian Advanced Persistent Threat (ATP). Throughout autumn of last year, the threat group carried out attacks against embassies in Iran involving a custom version of the Remexi spyware.
Remexi can log keystrokes, take screenshots and steal web cookies and browser history on infected devices. The latest version of the spyware used by Chafer includes various threads or modules that can execute different tasks on a targeted device. The spyware makes use of legitimate Microsoft tools and processes, an increasingly popular tactic known as ‘living off the land’.
Read more: Chafer APT Takes Aim at Diplomats in Iran with Improved Custom Malware