Mahdi (malware)

Mahdi is computer malware that was initially discovered in February 2012 and was reported in July of that year.^[1] According to Kaspersky Lab and Seculert (an Israeli security firm which discovered the malware), the software has been used for targeted cyber espionage since December 2011, infecting at least 800 computers in Iran and other Middle Eastern countries. Mahdi is named after files used in the malware and refers to the Muslim figure.^[2]

Seculert and Kaspersky named the malware after "Mehdi" because the attackers put a folder with the same name in the infected computers in order to spread malware. According to the security experts, Mahdi malware works apparently at a lower level than Stuxnet and is made using existing public softwares.^[3]