It is called StoneDrill, and it is a sophisticated wiper that, in addition to attacking in the Middle East with wiping and spying capabilities, is heading to Europe.

Kaspersky Lab has warned about the existence of a new wiper malware that, as Shamoon was already doing, is able to sneak into computers and destroy everything they contain. It is StoneDrill.

Shamoon rose to fame a few years ago when it knocked out around 35,000 computers at an oil company in the Middle East. Since then, it has continued to evolve. StoneDrill would be similar in some respects to the new Shamoon 2.0, but Kaspersky Lab considers it even more sophisticated.

“It has advanced anti-detection and espionage”, as the experts explain.

Although its propagation method is unknown, it is known how it proceeds once it reaches its destination. It stays in the process memory of the browser that the user uses and applies “anti-emulation” techniques to evade security solutions and destroy the files contained on the disks. The wiping module is accompanied by a backdoor that is used for spying, in combination with four command-and-control panels.

Experts say that, in addition to attacking in the Middle East, this new wiper is also heading to Europe. This is something that, until now, had never happened with this type of malware. In addition, StoneDrill seems to be connected to other wipers and espionage campaigns. For example, it reuses parts of the code of the NewsBeef APT, or Charming Kitten.

“We are very intrigued by the similarities and comparisons”, says Mohamad Amin Hasbini, senior security analyst in the global research and analysis team at Kaspersky Lab, who asks whether “StoneDrill is the product of the same actor behind Shamoon”, whether “StoneDrill and Shamoon have two distinct, unconnected groups behind them that both intend to attack Saudi entities” or whether “there are two different groups, but perfectly aligned in their goals”.

“This last possibility is probably the most plausible”, determines Hasbini, “as Shamoon includes sections written in Arabic, while StoneDrill does so in Persian. Geopolitical analysts quickly commented that both Iran and Yemen are the actors in the close conflict between Iran and Saudi Arabia, and Saudi Arabia is the country where most victims of this malware have been identified”, he adds. “But of course, this does not exclude the possibility that these objects are just a few lures”.

Kaspersky Lab advises companies to protect themselves by training their employees, implementing protection measures inside and outside the perimeter with advanced methods, checking the security of the control network and requesting information from emergency response teams.