Hackers have picked up where General David Petraeus and his clandestine lover left off: leaving letters in the draft folder of a shared Gmail account. The covert technique the couple chose to exchange communications and keep their extramarital affair secret was to write and store their love letters in the Drafts folder. That way, they could avoid sending messages to each other’s other email accounts and leaving electronic traces. Hackers are now using this astute trick to spread more malware on the sly, researchers at Shape Security have found.
The security startup has published research reporting that its researchers discovered a slew of malware files on their clients’ network that use a secretive “command and control” channel for communication. This channel allows hackers not only to connect to the malware programs, but also to share updates to them, pass instructions for using the malicious software, and collect stolen data. Because these instructions and updates are written and kept inconspicuously in Gmail drafts, the communication channel is hard to detect. Wade Williamson, a security researcher at Shape Security, said: “What we’re seeing here is command and control that’s using a fully allowed service, and that makes it stealthy and very hard to identify. It’s stealthily passing messages back and forth without even having to press send. You never see the bullet fired.”
The security firm has observed how the hackers attack. First, the hacker signs up for an anonymous Gmail account. After creating the email account, the hacker targets a computer on the network with malware. Once they gain control of the target’s computer, the hacker opens the Gmail account on that PC in Internet Explorer. Later, Internet Explorer is launched automatically by the malware to query a web page, without the user knowing that a web page is open on his or her PC. These malware programs are written as Python scripts to collect commands and code entered in the draft field. The malware then works to extract data from the network. The researchers said that this new malware infection is a variant of a remote access trojan (RAT) that was spotted by G-Data security software in August.
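A defender-side view of the behaviour described above, as an added example that is not from Shape Security or the original article: it flags Internet Explorer instances that were not started from the user's desktop shell yet reached Gmail, following IE's own child processes back to whatever launched them. The event fields, host names, the `python.exe` launcher path and the allow-list are assumptions, and the sample telemetry is constructed.

```python
from dataclasses import dataclass

# Assumptions (tune per environment): launchers a logged-on user normally
# starts IE from, and the webmail hosts worth watching.
INTERACTIVE_PARENTS = {"explorer.exe"}
WEBMAIL_HOSTS = {"mail.google.com"}

@dataclass(frozen=True)
class ProcStart:  # one process-creation event from endpoint telemetry
    host: str
    pid: int
    ppid: int
    image: str
    parent_image: str

def _name(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def ie_launcher(procs, host, pid):
    """Walk up through IE's own child processes to the non-IE launcher."""
    by_key = {(p.host, p.pid): p for p in procs}
    seen = set()
    p = by_key.get((host, pid))
    while p and _name(p.image) == "iexplore.exe" and p.pid not in seen:
        seen.add(p.pid)
        if _name(p.parent_image) != "iexplore.exe":
            return _name(p.parent_image)
        p = by_key.get((host, p.ppid))
    return None  # not IE, or its ancestry was not recorded

def scripted_webmail_sessions(procs, conns):
    """conns: (host, pid, dest_host) tuples. Returns sorted alert tuples."""
    alerts = set()
    for host, pid, dest in conns:
        launcher = ie_launcher(procs, host, pid)
        if (launcher and launcher not in INTERACTIVE_PARENTS
                and dest.lower() in WEBMAIL_HOSTS):
            alerts.add((host, launcher, dest.lower()))
    return sorted(alerts)

# Constructed sample telemetry (not taken from the research described above).
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
PROCS = [
    ProcStart("ws-01", 400, 100, IE, r"C:\Windows\explorer.exe"),
    ProcStart("ws-01", 401, 400, IE, IE),
    ProcStart("ws-02", 900, 850, IE, r"C:\Users\Public\python.exe"),
    ProcStart("ws-02", 901, 900, IE, IE),
]
CONNS = [("ws-01", 401, "mail.google.com"),
         ("ws-02", 901, "mail.google.com"),
         ("ws-02", 901, "www.example.com")]
```

Process IDs are reused over time, so a production version would also bound the match by event timestamps.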