Once Careto has compromised a system, it begins collecting sensitive information from it. The software can "intercept network traffic, keystrokes, Skype conversations, analyse WiFi traffic, PGP keys, fetch all information from Nokia devices, screen captures and monitor all file operations."
It can also capture any encryption keys found on the machine, which can help launch attacks against other machines. The software has a plug-in architecture, allowing the attacker to dynamically load new software to perform tasks such as monitoring keystrokes or capturing the victim's email.
Early malware spread uncontrolled from computer to computer. In contrast, Careto is highly targeted. Kaspersky was able to gather data about who was subject to attacks. Most of the attacks targeted government institutions, embassies, oil and gas companies, research organizations, private equity firms and activists.
Computers around the world were targeted, with no apparent pattern.
So who's behind the malware? It's likely that only national intelligence agencies have the resources to build software of this complexity and sophistication. Fragments of Spanish embedded in the software's files suggest that the culprit is a native Spanish speaker. But it's not clear which Spanish-speaking nation would build such a sophisticated intelligence operation. And the researchers note that the fragments of Spanish may be a "false flag" operation: The software's authors may have deliberately inserted Spanish slang into the software's source code to divert attention from the real authors.
Regardless, the emergence of the malware underscores that software-based espionage is an important new source of power. Last year, documents leaked by Edward Snowden revealed that the National Security Agency has a large "Tailored Access Operations" department dedicated to building offensive hacking capabilities. If the NSA didn't build Careto, it's a safe bet that they have something like it. And intelligence agencies in China, Russia and other great powers are likely working on software like it too.