careto

Careto, also known as The Mask, is a sophisticated cyber-espionage malware family discovered around 2010–2011 by CrySys Lab and Kaspersky Lab. It targeted a wide range of sectors, including government, diplomacy, energy, and media, across dozens of countries, with victims in Europe, the Middle East, the Americas, and Africa.

Technical characteristics include a modular architecture with plug-ins to support Windows, macOS, and Linux ecosystems, and the use of rootkit techniques on Windows to hide its presence. Operators used stolen digital certificates to sign payloads and relied on spear-phishing emails and watering-hole websites to deliver components. The malware deployed a set of backdoors, credential stealers, keyloggers, screen capture, audio capture, and data exfiltration modules to harvest information.

Impact and significance: Careto is considered one of the more sophisticated targeted espionage campaigns of its era, demonstrating cross-platform operation and stealth through legitimate certificates and concealment techniques. It affected hundreds of victims in at least 31 countries, including Spain, Portugal, and several nations in Latin America and North Africa.

Discovery and naming: Researchers named the campaign Careto after the Portuguese word for mask; some outlets used The Mask as an alias. The activity is believed to have spanned from around 2007 to 2012, with a peak around 2010–2011.

Legacy: The Careto campaign highlighted challenges in cross-platform cyber-espionage and the importance of credential hygiene and supply-chain security. Analyses described its modular framework and rootkit components as influential in understanding subsequent sophisticated espionage tooling.