Researchers said that a powerful computer program that was discovered last year and is linked to campaigns of espionage waged against global targets is strikingly similar to a piece of malware used by the US National Security Agency and its Five Eyes allies.
Earlier this month, journalists at Der Spiegel published the source code for a computer program called 'QWERTY' – “a piece of software designed to surreptitiously intercept all keyboard keys pressed by the victim and record them for later inspection,” and said that they hoped the disclosure would “foster further research and enable the creation of appropriate defenses," RT reported.
The QWERTY program, according to documents provided to Der Spiegel by former NSA contractor Edward Snowden, is included in an arsenal of malware products used by the National Security Agency and its intelligence gathering allies, colloquially called the Five Eyes. That suite of tools, the German paper said, is used by the US, Australia, Canada, New Zealand and the United Kingdom in order to eavesdrop on targets and conduct other sorts of destructive cyber ops.
According to researchers at Kaspersky Labs who have reviewed QWERTY during the last 10 days, the keylogger’s source code can be linked to 'Regin,' another spy tool that raised eyebrows when it was discovered in late 2014 and alleged to have been used against targets in Algeria, Afghanistan, Belgium, Brazil, Fiji, Germany, Iran, India, Indonesia, Kiribati, Malaysia, Pakistan, Russia and Syria, among others.
“Considering the extreme complexity of the Regin platform and little chance that it can be duplicated by somebody without having access to its sourcecodes, we conclude the QWERTY malware developers and the Regin developers are the same or working together,” Costin Raiu and Igor Soumenkov, researchers at Kaspersky’s Securelist blog, said on Tuesday.