Software security firm Symantec finds sophisticated spyware 'Regin'

Malicious software dubbed Regin was discovered by security firm Symantec, which describes it as a "full-featured spying tool providing a framework for mass surveillance." The company has been monitoring this multi-purpose data collection software since the second half of 2013, and it believes that at least two versions exist: the first (version 1.0) was used sometime between 2008 and 2011 and then withdrawn; the second (version 2.0) has been in use from around 2013 onwards. Other versions may exist that have yet to be discovered, and how the malware is transmitted remains unconfirmed.

According to the whitepaper titled "Regin: Top-tier espionage tool enables stealthy surveillance" published on Nov. 24 by the tech security and software company, "Regin is an extremely complex piece of software that can be customized with a wide range of different capabilities which can be deployed depending on the target. It is built on a framework that is designed to sustain long-term intelligence-gathering operations by remaining under the radar. It goes to extraordinary lengths to conceal itself and its activities on compromised computers. Its stealth combines many of the most advanced techniques that we have ever seen in use."

No single industry has been identified as the specific target of the malware, as infections were found across various sectors. Based on Symantec's figures, 48 percent of infections fall into the small business and private individual category, 28 percent are in the telecoms backbone, 9 percent are in hospitality, and 5 percent each are in the energy, airline, and research sectors.

"The main purpose of Regin is intelligence gathering and it has been implicated in data collection operations against government organizations, infrastructure operators, businesses, academics, and private individuals. The level of sophistication and complexity of Regin suggests that the development of this threat could have taken well-resourced teams of developers many months or years to develop and maintain," the whitepaper explains.

By country, most of Regin's victims are in Russia (28 percent of infections) and Saudi Arabia (24 percent), followed by Ireland and Mexico (9 percent each). Afghanistan, Iran, Pakistan, India, Belgium, and Austria each account for 5 percent of the currently confirmed infections.

Regin, according to the company, has a six-stage architecture, and stage 1 is the only stage that appears as visible code. Stage 0 (the dropper) installs the malware on the target computer; stages 1 and 2 load drivers; stage 3 loads other components, such as compression, encryption, networking, and handling of the EVFS (encrypted virtual file system); stage 4 makes use of the EVFS and loads further drivers and payloads; and stage 5 holds the main payloads and data files.

Screenshot from Symantec's whitepaper "Regin: Top-tier espionage tool enables stealthy surveillance," Nov. 24, 2014. [Photo credit: Symantec]

The malware can install customizable payloads that can, among other things, steal passwords, gather memory information, capture screenshots, remotely control the mouse pointer and clicks, and retrieve deleted files.

But while Regin is a complex threat used for wide-scale data collection, Symantec says that this type of malware is relatively rare.

"Threats of this nature are rare and are only comparable to the Stuxnet/Duqu family of malware," the company says. "The discovery of Regin serves to highlight how significant investments continue to be made into the development of tools for use in intelligence gathering."