Mahdi is capable of logging keystrokes, taking screenshots at specified intervals, recording audio and stealing a variety of documents, images, archives and other files, Kaspersky Lab researchers said on Tuesday.
Its name comes from a file called mahdi.txt that gets dropped on infected computers. According to Islamic beliefs, Mahdi is a Messianic figure who will rule the world before Judgment Day and will cleanse it of injustice and wrongdoing.
Seculert discovered the Mahdi malware several months ago while investigating a suspicious email message with a fake document attached, the company's researchers said Tuesday.
The company shared its findings with Kaspersky Lab in order to determine if Mahdi shares any similarities to Flame, a highly sophisticated cyberespionage threat that also targeted organizations from Iran and the Middle East.
The two companies worked together to redirect the malware's traffic to a server under their control -- an operation called sinkholing -- and analyze it. This allowed them to identify over 800 victims, most of them located in Iran and Israel.