Info Stealer

Gauss

First seen: 2012 • Status: inactive

Gauss was like a mysterious locked box that stole banking information, and even experts could not figure out what secret mission was hidden inside.

Overview

Gauss was a nation-state cyber espionage toolkit related to Flame that specifically targeted banking credentials in the Middle East. It contained an encrypted payload that has never been decrypted.

Also Known As

Gauss banking module

How It Spreads

  • USB drives
  • Web exploit kits

What It Does

  • Banking credential theft
  • Browser history collection
  • System information gathering
  • Unknown encrypted payload execution

Target Platforms

Windows

Detection Tips

  • Gauss is no longer active; these tips are for historical research purposes
  • Look for Palida Narrow font installation (unique indicator)

MITRE ATT&CK Techniques

T1555, T1217, T1082, T1027

If You're Infected

  1. Historical malware - standard banking trojan remediation applies
  2. Research reference for understanding APT capabilities

Related Malware

Flame, Duqu, Stuxnet
