‘French secret service uses malware for espionage purposes’

Security researchers from the company Cyphort state that the French secret service General Directorate for External Security also uses malware to obtain internet data. The company has found strong indications for this in the so-called Babar malware.

The Babar malware, which targets Windows systems, is able to intercept online conversations via Skype, MSN and Yahoo Messenger, among others. The malware can also be used as a keylogger and monitoring tool. While Babar is less advanced than recently uncovered malware suspected of being the NSA, the tool would offer ample potential for widespread use for espionage, Motherboard writes.

Evidence that the Babar malware is of French origin surfaced in March last year after the publication of a document leaked by Snowden from the Canadian secret service CSE. It describes Operation Snowglobe in which the malware is called Babar. According to the Canadians, Babar clearly came from a French intelligence service.

Shortly after this announcement, Cyphort researchers obtained some samples of Babar variants. An analysis of the binaries again yielded clues pointing to the General Directorate for External Security. For example, communication is made with the same servers that other malware of presumably French origin also communicate with. The malware samples of different variants also contain the same typos.

If the findings are correct, then the French intelligence service also uses malware for espionage purposes. The American NSA and the British GCHQ have long been known to deploy malware on a large scale, while countries such as China and Russia also carry out such cyber operations.