Mahdi trojan, new Persian-language cyber spy network, found watching Iran, Middle East

Security analysts today revealed the existence of Mahdi trojan, a new Persian-language cyber spy network targeting Iran and the region, reported Reuters.

Israeli security company Seculert and Russia's Kaspersky Lab announced today that the spyware has already taken at least 800 victims in eight months in what is believed to be an ongoing espionage effort, according to Global Security Mag. 

More from GlobalPost: “Spies Against Armageddon" book says Israel's Mossad killed Iranian nuclear scientists

The trojan also uses what Kaspersky called “distraction images,” among which is a partial screen grab of a Daily Beast article headlined: "Israel's Secret Iran Attack Plan: Electronic Warfare."

Israel has also been targeted by attacks, but the majority have taken place in Iran, said the security firms.

Several gigabytes of data are known to have been taken from the region's victims, which include key infrastructure companies, government embassies in five countries, financial companies, and individual engineering students, Kaspersky said. 

Seculert and Kaspersky told Reuters they had no idea who was behind the campaign, but it involves "for sure somebody who is fluent in Persian," Seculert Chief Technology Officer Aviv Raff said. 

The security companies said Mahdi is the first such spyware found with tools written almost entirely in Persian, according to Reuters. 

Seculert said the program also used dates in the Persian calendar.

The name Mahdi refers to an important end-of-times figure in Islam.

Several cyber campaigns targeting the region and in particular Iran — initiatives believed developed by the US and Israel — have been discovered in recent months.