Beware Babar Malware Made in France?

Il n’y a pas de fumée sans feu.

Is Babar the Elephant weird? No matter what you think of the children’s stories originally published in France and translated for publication around the world, you might be hearing the word Babar a little more often. Recently, security researchers discovered new malware that they suspect was created by the French government. Internally, they’re calling it Babar64.

Source: Der Spiegel

What is Babar64?

From Motherboard:

Babar is “a fully blown espionage tool, built to excessively spy” on its victims, according to the research, which Motherboard reviewed in advance. The researchers are publishing two separate but complementary reports that analyze samples of the malware, and all but confirm that France’s spying agency the General Directorate for External Security (DGSE) was responsible for its creation.

Mention of the malware may go back even further. Remember Edward Snowden?

Wait, Edward Snowden is Involved?

The screenshot at the top of this page was provided by Der Spiegel. It’s from a document leaked by Edward Snowden that outlines operation SNOWGLOBE, which (possibly) originally targeted the nuclear program in Iran but was seen in use in other European countries. Fast forward to today, and a lot of security researchers believe Babar64, the latest incarnation, is based heavily on SNOWGLOBE.

Is France Behind the Malicious Babar Malware?

Here’s what Motherboard found out:

“I’m sure [it was France], but proving this publicly is close to impossible,” Marschalek told Motherboard via instant message. “With binary attribution you generally have the problem, unlike in real crime scenes, you do not have actual evidence. There are indicators, from which conclusions can be drawn, but anything that serves as something like a digital fingerprint can be faked in the end.”

Babelfish translation: “We think it’s the French, but it could be anyone…” And that is perhaps a bit more frightening.

Nations Creating Malware?

Yes. Whether it’s the United States, China, North Korea or other countries, many nations are creating malware they can use for one reason or another. What’s really concerning is the sophistication of this bad software. As you know, most nations have a ton of money they can spend on developing and deploying software meant to spy on and attack other computer systems.

Should I be Worried?

While not as bad as some of the software allegedly created and used by the NSA in the United States, the Babar64 malware shows that other nation-states are improving their cyber warfare capabilities. As with any other malware or virus, you should be concerned. Luckily, there are steps you can take to protect yourself. Next up, we’re going to give you the SSL takeaway to explain how.

The SSL Takeaway

Here’s a short list of steps you can take to ensure you’re protected and safe when you’re computing online in the 21st century.

  • Update Software – Whether it’s apps you use or your operating system, you want to make sure you keep it updated. This will help prevent attackers from being able to use known vulnerabilities in the software you’re using.
  • Use a Firewall – You’ll always want to use a Firewall. Whether it’s Windows Defender or an actual hardware firewall you hook up to your router, you want to be able to control the bits coming into and leaving your computer.
  • Use Anti-Virus – Another good idea that is a necessity these days is to purchase and install anti-virus software. If you remember, we compared Avast and AVG late last year. Whatever you use, make sure it’s turned on and kept updated.
  • Use Anti-Malware – In addition to anti-virus software, you’ll also want to use dedicated anti-malware software to scan your system and make sure you’ve not been compromised. Again, you want to ensure it’s updated.

If you’re running your own websites, you want to make sure you follow all the SSL best practices so you can keep your servers safe. Have questions, concerns or an opinion? Leave a comment below!