Russian cybersecurity firm Kaspersky Labs and Israeli cybersecurity outfit Seculert have identified a new type of phishing malware called “Mahdi” affecting at least 800 computers throughout the Middle East and parts of Central Asia, with most infected machines detected in Iran.
The malware, named “Mahdi” or “Madi” after strings of code referencing a prophesized Islamic messiah figure, is notable for its delivery mechanisms, among them email attachments of a religious-themed PowerPoint writted in English and Farsi, which includes references to Moses, a separately attached image (in a text file) of what appears to be Jesus, as well as another attached text file containing a November 2011 article from The Daily Beast entitled “Israel’s Secret Iran Attack Plan: Electronic Warfare.”
Seculert says that so far, no connection has been established to the “Flame” malware found earlier this year on computers throughout Iran and the Middle East, nor its cousin, “Stuxnet,” both of which are reportedly the work of state-sponsored U.S. and Israeli cyber attack efforts.
