Researchers have found new infrastructure believed to be used by the spyware manufacturer Candiru to attack computers through Windows malware.
The research, released by Recorded Future’s Insikt Group on Monday, revealed eight distinct operational clusters linked to the spyware, which is tracked as DevilsTongue. Five of them are highly likely to be active, including clusters tied to Hungary and Saudi Arabia, the report said.
“This infrastructure includes both victim-facing components likely used in the deployment and [command and control] of Candiru’s DevilsTongue spyware, and higher-tier infrastructure used by the spyware operators,” according to the report.
