Turla malware uses Gmail to issue commands to infected machines
Russian hacker group said to update malware targeting antivirus logs
One of Russia’s most advanced state-sponsored hacker groups has added several devious new tools to its arsenal, security researchers have warned.
Turla is still relying on version 4 of its ComRAT backdoor, but ESET researchers warned that the malware has been updated with two new features: exfiltration of victims' antivirus logs, and the ability to control the implant through a Gmail inbox.
According to ESET, the antivirus logs are stolen by the malware and then uploaded to one of its command-and-control servers.
The malware was discovered to have been deployed in January, targeting parliaments and Foreign Affairs ministries of three unidentified European governments.
Turla malware
The Gmail control mechanism is the other new functionality. Rather than contacting a dedicated server, the malware loads a predefined cookie file and uses those cookies to open an authenticated session to the Gmail web interface, so its traffic looks like ordinary webmail use.
Once the session is established, Turla operators simply send an email to that Gmail account with instructions in an attached file. ComRAT reads the email, downloads the attachment, and parses and executes the instructions it contains. Any data collected in response is sent back to the same Gmail inbox, where the operators retrieve it.
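Because the mailbox channel blends in with legitimate Gmail traffic, a defender cannot block the destination; what stands out is who is talking to it and how regularly. The script below is an added hunting example, not code from the article or from ESET. It runs over a constructed proxy log (the column layout, the watched host list, the browser process list and the jitter threshold are all assumptions for illustration) and flags three things this kind of C2 leaves behind: a non-browser process reaching the webmail host, a low-jitter polling cadence to it, and large uploads from that same process.

```python
"""Hunting for mailbox-based C2 in HTTP proxy logs.

Added example, not code from the article or from ESET. Assumes a
constructed log format: "ISO-time user process host method bytes".
Host list, browser list and thresholds are illustrative assumptions.
"""
from datetime import datetime
import statistics

MAIL_HOSTS = {"mail.google.com"}  # assumption: webmail hosts worth watching
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "iexplore.exe"}

# Constructed sample log: one real browser session, plus a service process
# polling Gmail every ~15 minutes and finally pushing a large POST.
SAMPLE_LOG = """\
2020-01-14T09:00:00 alice chrome.exe mail.google.com GET 18231
2020-01-14T09:00:01 alice chrome.exe mail.google.com POST 844
2020-01-14T09:03:17 alice svchost.exe mail.google.com GET 2201
2020-01-14T09:18:22 alice svchost.exe mail.google.com GET 2203
2020-01-14T09:33:20 alice svchost.exe mail.google.com GET 2198
2020-01-14T09:48:19 alice svchost.exe mail.google.com GET 2205
2020-01-14T09:51:02 alice chrome.exe www.techradar.com GET 51200
2020-01-14T10:03:21 alice svchost.exe mail.google.com POST 41022
"""


def parse_log(text):
    """Split each constructed log line into a dict with a parsed timestamp."""
    rows = []
    for line in text.splitlines():
        ts, user, proc, host, method, size = line.split()
        rows.append({"ts": datetime.fromisoformat(ts), "user": user,
                     "proc": proc.lower(), "host": host,
                     "method": method, "bytes": int(size)})
    return rows


def non_browser_mail_clients(rows):
    """(user, process) pairs reaching a webmail host from a non-browser."""
    return sorted({(r["user"], r["proc"]) for r in rows
                   if r["host"] in MAIL_HOSTS and r["proc"] not in BROWSERS})


def beaconing(rows, min_hits=4, max_jitter_s=120):
    """Per (user, process, host), flag request cadences with low jitter.

    Returns {(user, proc, host): median_gap_seconds} for keys with at least
    min_hits requests whose inter-request gaps differ by <= max_jitter_s.
    """
    by_key = {}
    for r in rows:
        by_key.setdefault((r["user"], r["proc"], r["host"]), []).append(r["ts"])
    found = {}
    for key, times in by_key.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if max(gaps) - min(gaps) <= max_jitter_s:
            found[key] = statistics.median(gaps)
    return found


def large_uploads(rows, min_bytes=20000):
    """POSTs to a webmail host from a non-browser process above min_bytes,
    the shape an exfiltrated file sent back via the inbox would take."""
    return [(r["user"], r["proc"], r["bytes"]) for r in rows
            if r["host"] in MAIL_HOSTS and r["method"] == "POST"
            and r["proc"] not in BROWSERS and r["bytes"] >= min_bytes]


if __name__ == "__main__":
    rows = parse_log(SAMPLE_LOG)
    print("non-browser webmail clients:", non_browser_mail_clients(rows))
    print("beaconing cadences:", beaconing(rows))
    print("large non-browser uploads:", large_uploads(rows))
```

On the constructed data the browser session is ignored (too few hits, and it is a known browser), while the service process is caught by all three checks. In practice the process attribution column comes from an endpoint agent or an authenticating proxy; without it, the cadence and upload-size checks are the only signals left, and a longer window with a tighter jitter bound is needed to keep false positives down.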
Matthieu Faou, an ESET researcher, told ZDNet that collecting antivirus logs might be to "allow them to better understand if and which one of their malware sample[s] was detected." This would help tweak the malware to avoid detection in the future.
It is typically challenging to figure out which files were “exfiltrated” by the attackers, Faou pointed out, adding that for relatively advanced groups, however, “it is not uncommon to try to understand if they are detected or if they leave traces behind them or not."
Via: ZDNet
Jitendra has been working in the Internet Industry for the last 7 years now and has written about a wide range of topics including gadgets, smartphones, reviews, games, software, apps, deep tech, AI, and consumer electronics.