Cybersecurity researchers say they've uncovered a variant of malicious software known as Sykipot that specifically targets smart identity cards used by a number of federal agencies, including the departments of Defense and Homeland Security.

In a July 12 blog post, researchers from alienvault labs say the variant appears to have been compiled in March 2011. Once downloaded onto a computer via a phishing attack (in which an email containing an infected attachment or link to a malware-controlled website appears to originate from a legitimate source), the Sykipot variant uses a keylogger to steal PINs users enter to authenticate their identity, the Campbell, Calif.-based company says.

"When a card is inserted into the reader, the malware then acts as the authenticated user and can access sensitive information," researchers add.

Sykipot is believed to have originated in China and phishing attacks carrying the malware have originated from servers in China "with what appears to be the purpose of obtaining information from the defense sector," alienvault says. Researchers found Chinese characters "in a small snippet of code in this latest strain," says the New York Times.

The variant specifically targets smart card readers running the ActivClient authentication application, which is made by Fremont, Calif.-based ActivIdentity, according to alienvault.

In a statement, an ActivIdentity spokeswoman said the company's "initial assessment is this potential vulnerability is completely unrelated to ActivIdentity ActivClient software."

"Nevertheless, it is possible that unauthorized persons may eventually be able to access company IT networks should personal computers become compromised with malware," the spokeswoman added.

For more:
- go to the alienvault blog post

Related Articles:
MIT: Cyber attack on electric grid 'almost certain' 
No evidence of hacking at Illinois water plant, says DHS 
House Cybersecurity Task Force suggests incentives, info-sharing