Infy Malware – Almost 10 years of Espionage; One Family of Malware

Background

As we all know, nothing on the internet never goes away. Ever. Exhibit A: Infy malware, identified by our friends at Palo Alto Networks’ threat research center as having been around since 2007 or earlier. PAN’s team has documented 40+ variants of a previously unpublished malware family, which it christened ‘Infy’.

Malware, which is a broadly used term for software that is written specifically to ruin your day, is an unwelcome aspect of the internet bathwater we all share. In the case of Infy, the threat arrives via an email with an attachment that carries a Self-Extracting Executable Archive (SFX) within a MS Word or PowerPoint file. Infy appears to be purpose-built to conduct espionage against specific government organizations and citizens, and not part of a broader campaign.

Infy tricks users into running the SFX by posing as a legitimate attachment. Once installed, Infy phones home to its Command and Control server, and then starts harvesting data (including running a key logger to steal everything the victim types, such as login credentials, and exifiltrating it).