Information Security News mailing list archives

Hackers use DRAFT emails as dead-drops for running malware


From: InfoSec News <alerts () infosecnews org>
Date: Thu, 6 Nov 2014 16:03:33 +0000 (UTC)

http://www.theregister.co.uk/2014/11/06/hackers_use_gmail_drafts_as_dead_drops_to_control_malware_bots/

By John Leyden
The Register
6 Nov 2014

Sneaky hackers are using Gmail and Yahoo! drafts to control compromised devices, with the tactic designed to make detection of malware-related communications more difficult to pick up in enterprise environments.

Attacks occur in two phases. Hackers first infect a targeted machine via simple malware that installs Python onto the device, enabling simple attack scripts to run.

Using Gmail (or Yahoo! Mail), hackers then use draft emails to run command and control prompts on these compromised systems, allowing them to siphon data from infected devices.

The new attack methods have already been used in the wild against a variety of large-scale targets, according to security researchers at Shape Security, who say the malware at the centre of the attack is a variant of the Icoscript remote access trojan first discovered by the German security software firm G-Data back in August.

[...]




