Last week, the EFF blogged about a remote access tool called "XTreme RAT," which was spreading through email and chat programs. The malware could take screenshots and log keystrokes on a victim's computer, sending the data to a Syrian IP address.

The organization also noted another remote access tool, Darkcomet RAT, which was reportedly infecting the computers of Syrian activists a few weeks before. That tool could disable antivirus programs, record keystrokes and steal passwords, also sending the data to the same IP address in Syria as "XTreme RAT," .