Before describing what miniFlame is, I want to explain why this threat update was created. Over the past week, SecureState has received several emails from concerned clients asking what miniFlame is and whether they should be concerned. This is partly due to the large amount of press that miniFlame has gained because of its predecessors Duqu, Stuxnet, Flame, and Gauss.
What is miniFlame?
miniFlame is a small, highly functional module designed to allow access to infected systems and aid in the theft of data. This piece of malware was designed to be a component controlled by Flame; however, miniFlame can also operate as a stand-alone attack tool. Unlike the Flame and Gauss malware, which were mostly present within Iran, Sudan, and Lebanon, miniFlame does not appear to have a clear geographical bias.
Should You Be Concerned?
Most of our clients and individuals who read this blog should not be concerned about this variant of malware. Flame and Gauss were part of a massive spy operation directed at the Middle East. Because miniFlame is compatible with both of these malware variants and uses the same command and control servers, it is likely that this malware was developed by the same team as Flame and Gauss. This malware has been detected on fewer than 100 systems in total, mostly within Western Asia. This leads us to believe that this tool is used for highly targeted attacks and has been used against very specific targets.
Below are the numbers of total incidents taken from SecureState’s threat intelligence database. SecureState’s threat intelligence database is a collection of alerts from several external resources through partnerships. SecureState also includes data from our proprietary persistent threat modeling platform powered by ARGUS.
Malware Variant Incidents (Approx)