Today Kaspersky posted a transparency initiative report, which explains that Kaspersky fetched the source code of NSA hacking tools via its antivirus software.
The inquiry involves a “thorough review” of the company’s telemetry logs. “We were aware only of one single incident that happened in 2014 during an APT [advanced persistent threat] investigation when our detection subsystems caught what appeared to be Equation malware source code files and decided to check if there were any similar incidents,” the company explained in its statement today.
Kaspersky Lab obtained new, unknown and debug variants of the code through its home-user application installed on a system in the US. The infectious code was transferred by Kaspersky Security Network (KSN), which was enabled on the installed application.
“Following these detections, the user appears to have downloaded and installed pirated software on his machines, as indicated by an illegal Microsoft Office activation key generator… which turned out to be infected with malware. Kaspersky Lab products detected the malware with the verdict Backdoor.Win32.Mokes.hvl,” the company said in the statement.
The infected user had disabled the antivirus program in order to run the keygen application. Later, once the antivirus software was turned back on, the user scanned his systems several times, which resulted in detections of new and unknown variants of Equation APT malware.
One of the files detected by the product as new variants of Equation APT malware was a 7zip archive.
The archive was detected as malware and submitted to Kaspersky Lab, where it was further investigated by analysts. The malicious archive contained multiple malware samples that appeared to be Equation malware.
The investigation findings on the malicious 7zip archive were reported to the company’s CEO, Eugene Kaspersky. The CEO directed that the archive be deleted from all of the company’s systems and that it not be shared with third parties.
Kaspersky claims that it has informed the US government about the incidents involving an active APT infection in the USA.
The investigation has not revealed any other related incidents in 2015, 2016 or 2017, nor found any evidence of Kaspersky ‘weaponising’ its own software by searching users’ computers for keywords like “top secret” and “classified”, the statement concluded.