Madi malware resurrection with better features.
Published on July 26, 2012.
The Madi (or Mahdi) malware targeted computers in the Middle East, and its command-and-control center was shut down last week. Unfortunately, a new version of the Madi malware was recently discovered.
The Securelist blog has received a variant of the Madi malware that contains new features. The malware looks for keywords such as “USA” or “GOV” in titles and takes screenshots that are sent to the new command-and-control center.
The new Madi malware sends the stolen information immediately to the C2, which is located in Montreal, Canada. It seems that this new version is more dangerous than the old one.