TajMahal discovered in an extremely treacherous cyber-espionage scheme
A newly unearthed malware program, put to work in an extremely treacherous cyber-espionage scheme, features many fresh malicious functionalities and appears to form a wholly new type of attack, with little in common with either known hacker groups or other cyber-criminals.
The program, called TajMahal, is a sophisticated backdoor containing eighty modules for a variety of spying abilities: it takes screenshots, records keystrokes, steals browser cookies, switches on the webcam, and carries out dozens of other common espionage activities.
The perpetrators behind the backdoor built it in two phases, or packages, known as "Yokohama" and "Tokyo", which together hold the eighty malicious modules. Security researchers found that systems infected with TajMahal carried both packages, Yokohama and Tokyo. This suggested that both stayed active on the hijacked devices and led to the conclusion that Tokyo is the first phase of infection, after which it installs Yokohama, the package in its complete functional form, onto the victims' devices.
The researchers were alerted when Kaspersky security software labeled one file as suspicious. According to chief malware analyst Alexey Shulmin of Kaspersky Lab, the file turned out to be a malicious plugin sophisticated enough to indicate an APT, while the absence of code resembling any familiar attack indicated that the APT was not previously known. With this knowledge, Kaspersky Lab was able to spot many more such files, leading the security company to conclude that the malware belonged to a previously unknown, highly uncommon online spying platform, Shulmin elaborates. www.zdnet.com posted this on April 10, 2019.
TajMahal could remain undetected for so long because of its wholly fresh code base, which has little in common with familiar malware or APTs. Further, its automatic update mechanism, which routinely deployed fresh variants, helped it bypass identification. Security researchers recommend that organizations update all the software they use and install security patches for known vulnerabilities on a priority basis, to safeguard against attacks by novel as well as unknown cyber-criminals.
» SPAMfighter News - 18-04-2019