While the researchers have yet to trace the software back to the group that developed it, based on the available evidence, the campaign appears to be tightly targeted and highly selective. Only a few dozen computers have been found to be infected, although all impacted systems are both high-profile and high-value.
As for the software itself, it’s a nasty piece of business capable of quietly taking control of an infected system’s video camera and capturing audio. This allows the attackers to both see and hear anything going on in the vicinity of the system. Essentially then, InvisiMole turns your computer into a compromised Amazon Echo.
Based on the sophisticated design of the software and the fact that the researchers have yet to be able to trace it back to the source, it’s believed that it has been developed by (or at least in partnership with) an unknown state actor. Although the current campaign is small and highly targeted, given its capabilities, InvisiMole could easily become a much more serious threat.
Even worse, it’s entirely possible that the original developers could lose control of the code, or that some other hacker group could reverse engineer it, causing it to spread far and wide.
Research into the software is still ongoing, and at this point ESET can’t say with certainty how the malicious payload is being delivered to target machines. Of course, at present, there is no antivirus software defense against it. Stay on your guard. You never know who might be watching.