The TVSPY APT seems to grow each year, the report from Damballa shows that in 2012 only 5 unique TVSPY samples were identified, in 2013, this number was raised to 8 and in 2014 the number was set on 10 unique malware samples.
And finally, in 2015, 22 unique samples were identified by Damballa. ESET and GROUP-IB have discussed this APT in 2011 as a “crimeware” attack, but Kaspersky mentioned the TVSPY attack as an APT in their 2013 report.
The TVSPY malware is being sold on underground forums for a value of 400 dollars and according to the report, the developer behind TVSPY would be someone which uses the “Mr.Burns” handle. The person which is currently selling the TVSPY malware on underground forums uses the handle “Scalpel”.