Mahdi malware invades 800+ Middle East computers

Computers throughout the Middle East are being infected by malware that appears to be part of a surveillance campaign that records users’ activity both on and, surprisingly, off the computer, according to reports.

The malware, called “Mahdi” – also known as Madi, and named after the Islamic concept of “the prophesied redeemer of Islam who will rule for seven, nine or nineteen years (according to various interpretations) before the Day of Judgment… and will rid the world of wrongdoing, injustice and tyranny” – was discovered on machines throughout the region earlier this week, and is believed to be just part of an ongoing attack on computers throughout the Middle East and Asia. “We have analyzed several versions of the malware [and] are anticipating other versions to arrive, as the attack is still active,” explained Aviv Raff, the chief technology officer of cybersecurity firm Seculert, the company believed to have initially detected the malware.

According to analysis from Kaspersky Lab, Mahdi has been working undetected for a long time now. “For almost a year, an ongoing campaign to infiltrate computer systems throughout the Middle East has targeted individuals across Iran, Israel, Afghanistan and others scattered across the globe,” the analysis opens, going on to suggest that it has already captured “large amounts of data” from “Middle Eastern critical infrastructure engineering firms, government agencies, financial houses and academia.”

The malware is believed to infect computers via a PowerPoint file sent as an email attachment, although it also reportedly installs itself via images disguised as text files. In an email to Talking Points Memo, a Kaspersky analyst explained that the malware appeared to have been created with the purpose of “sustained data retrieval and large scale surveillance of a regional, select set of sectors, organizations, individuals and events in the Middle East,” specifically “business people working on critical infrastructure projects, government agencies in the Middle East, Israeli banks, engineering/high tech firms, and engineering students.” It’s believed that the software not only records keystrokes, but snoops in all manner of concerning ways. According to the Kaspersky report, Mahdi does the following:

  • Logs keystrokes
  • Captures screenshots of infected computers at specified intervals
  • Captures screenshots of infected computers when the user initiates a “communications event,” described by Kaspersky as “the victim is interacting with webmail, an IM client or social networking site,” with sites that initiate the screenshots including Gmail, Hotmail, Yahoo! Mail, ICQ, Skype, Google+, Facebook and others
  • Updates its backdoor
  • Records and uploads outside audio as .wav files
  • Retrieves “any combination of 27 different types of data files”
  • Retrieves disk structures of the infected computer
  • Delete and bind (“These are not fully implemented yet,” Kaspersky notes)

So far, Mahdi has been discovered on at least 800 machines. Both Kaspersky and Seculert expect that number to increase with more releases of the malware.

Graeme McMillan
Former Digital Trends Contributor
A transplant from the west coast of Scotland to the west coast of America, Graeme is a freelance writer with a taste for pop…