The Regin stealth malware is one of the most sophisticated pieces of attack code written, and was likely created by a government for corporate espionage, according to security firm Symantec. Regin has been used for the past six years and can take screenshots, recover deleted files, and steal usernames and passwords from infected machines.
Machines in Ireland, Russia and Saudi Arabia are believed to have been infected most often, in attacks aimed at end users, companies, and government organizations. Regin's creators were diligent in covering their tracks, and the software could have taken months to develop.
"We believe Regin is used primarily for espionage," said Liam O'Murchu, Symantec security researcher. "We see both companies and individuals targeted. The ultimate goal is to listen in on phone calls or something like that. [Regin's operators] target individuals and spread the attack to find whatever it is they're looking for. All of these things together make us think that a government wrote it."