[ISN] Hackers use DRAFT emails as dead-drops for running malware

http://www.theregister.co.uk/2014/11/06/hackers_use_gmail_drafts_as_dead_drops_to_control_malware_bots/

By John Leyden
The Register
6 Nov 2014

Sneaky hackers are using Gmail and Yahoo! drafts to control compromised devices, a tactic designed to make malware-related communications more difficult to detect in enterprise environments.

Attacks occur in two phases. Hackers first infect a targeted machine via simple malware that installs Python onto the device, enabling simple attack scripts to run. Using Gmail (or Yahoo! Mail), hackers then use draft emails to run command and control prompts on these compromised systems, allowing them to siphon data from infected devices.

The new attack methods have already been used in the wild against a variety of large-scale targets, according to security researchers at Shape Security, who say the malware at the centre of the attack is a variant of the Icoscript remote access trojan first discovered by the German security software firm G-Data back in August.

[…]



