Apr 11, 2019 - 11:24 a.m.

TajMahal Spyware

Bruce Schneier

Kaspersky has released details about a sophisticated nation-state spyware it calls TajMahal:

> The TajMahal framework’s 80 modules, Shulmin says, comprise not only the typical keylogging and screengrabbing features of spyware, but also never-before-seen and obscure tricks. It can intercept documents in a printer queue, and keep track of “files of interest,” automatically stealing them if a USB drive is inserted into the infected machine. And that unique spyware toolkit, Kaspersky says, bears none of the fingerprints of any known nation-state hacker group.

It was found on the servers of an “embassy of a Central Asian country.” No speculation on who wrote and controls it.

More details.