The malware, the researchers said, shares characteristics with the previously identified viruses, which were aimed at computers tied to Iran’s nuclear program. But the new software has been found primarily in Lebanon. It is designed to steal information, including customer data from banks as well as PayPal and Citibank. …

In its analysis, Kaspersky experts stopped short of speculating on who might be behind the new malware, dubbed Gauss, but they said they believe it “was created by the same ‘factory’ which produced Flame. This indicates it is most likely a nation-state sponsored operation.” …

So far, Kasperksy has found about 2,500 infections but believes there may be tens of thousands worldwide. In addition to finding the malware in Lebanon, researchers found it in Israel and the Palestinian territories.