A joint effort of the Computer Emergency Response Team of Ukraine (CERT-UA) and the Foreign Intelligence Service of Ukraine revealed new modifications of Pterodo malware in computers used in Ukraine’s state agencies, which indicates that preparations are likely underway for a massive cyber attack. ‘The malware collects data about the system, regularly sends them to the command and control servers and waits for further commands,’ reads the report published on the CERT-UA website. Regarding the NEW-SAR_v.14 version, experts note that the main difference of new modifications from previous versions is that the system can become infected via flash drives and other removable storage media, as well as flash drives connected to the affected machine could be infected for further malware distribution, UNIAN agency reported. Documents (.doc, .docx), images (.jpg) and text files (.txt) are copied to a hidden MacOS folder with the names FILE . (for example, FILE3462.docx), while on flash drives, shortcuts are created with the original file names, which ensure simultaneous opening of the original file copied to the MacOS folder and the execution of the created malicious usb.ini file. The virus body performs the same functions as in its previous versions: it sends information about the system, updates itself, and downloads components if available. In addition, the new version is activated only on systems with localization of languages of the post-Soviet states, namely, Ukrainian, Belarusian, Russian, Armenian, Azerbaijani, Uzbek, Tatar and others, which complicates the analysis of the virus with popular automated malware analysis systems.