Turla malware uses Gmail to issue commands to infected machines

Russian hacker group said to update malware targeting antivirus logs


One of Russia’s most advanced state-sponsored hacker groups has added several devious new tools to its arsenal, security researchers have warned.

Turla is still using version 4 of its ComRAT malware, but ESET researchers warned that it has been updated with two new features: exfiltration of the victim's antivirus logs, and control of the malware through a Gmail inbox.

According to ESET, the antivirus logs are stolen by the malware and then uploaded to one of its command-and-control servers.

The malware was discovered to have been deployed in January, targeting parliaments and Foreign Affairs ministries of three unidentified European governments.

Turla malware

The Gmail control mechanism is another new functionality, wherein the malware commandeers the victim’s browser, loads a predefined cookie file and initiates a session to the Gmail web dashboard.

Once this is done, Turla operators can simply send an email to the Gmail account with instructions in an attached file. The ComRAT malware will read the email, download the attachment, and read and execute the instructions therein. All data thus collected will be sent back to the Gmail inbox and thereby to the operators.
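Because the malware reuses a pre-planted cookie file, the Gmail session it opens never goes through an interactive sign-in. The following defender-side script, added here as an illustration and not part of the article or of ESET's research, runs that heuristic over constructed proxy log lines: it flags hosts that reach the Gmail web UI, and in particular download an attachment, with no accounts.google.com login seen beforehand. The log format, the 24-hour window and the `view=att` attachment pattern are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample proxy log lines (not real traffic): "timestamp host method url".
SAMPLE_LOGS = [
    "2020-01-14T09:00:01 ws-17 GET https://accounts.google.com/ServiceLogin",
    "2020-01-14T09:00:09 ws-17 GET https://mail.google.com/mail/u/0/",
    "2020-01-14T09:02:30 ws-17 GET https://mail.google.com/mail/u/0/?view=att&disp=safe",
    "2020-01-14T03:12:40 ws-42 GET https://mail.google.com/mail/u/0/",
    "2020-01-14T03:12:55 ws-42 GET https://mail.google.com/mail/u/0/?view=att&disp=safe",
    "2020-01-14T03:13:10 ws-42 POST https://mail.google.com/mail/u/0/",
]

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")
# Assumed window: a mail session this long after the last login is treated as suspicious.
LOGIN_WINDOW = timedelta(hours=24)


def parse(lines):
    """Parse the assumed log format into (timestamp, host, method, url), oldest first."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the scan
        ts, host, method, url = m.groups()
        events.append((datetime.fromisoformat(ts), host, method, url))
    return sorted(events)


def find_cookie_only_gmail_sessions(lines, window=LOGIN_WINDOW):
    """Return {host: [reasons]} for hosts using Gmail without a preceding login."""
    last_login = {}            # host -> timestamp of most recent accounts.google.com hit
    flagged = defaultdict(set)
    for ts, host, method, url in parse(lines):
        if url.startswith("https://accounts.google.com/"):
            last_login[host] = ts
        elif url.startswith("https://mail.google.com/"):
            login = last_login.get(host)
            if login is None or ts - login > window:
                # No sign-in flow in the window: consistent with a pre-loaded cookie.
                reason = "mail access without prior login"
                if "view=att" in url:
                    reason = "attachment download without prior login"
                flagged[host].add(reason)
    return {h: sorted(r) for h, r in flagged.items()}


if __name__ == "__main__":
    for host, reasons in find_cookie_only_gmail_sessions(SAMPLE_LOGS).items():
        print(host, "->", ", ".join(reasons))
```

Long-lived legitimate Gmail cookies will also trip this rule, so in practice the window is tuned against the organisation's normal login cadence and the result is triaged alongside endpoint telemetry rather than acted on alone.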

Matthieu Faou, an ESET researcher, told ZDNet that collecting antivirus logs might be to “allow them to better understand if and which one of their malware sample[s] was detected.” This would help tweak the malware to avoid detection in the future.


It is typically challenging to figure out which files were “exfiltrated” by the attackers, Faou pointed out, adding that for relatively advanced groups, however, “it is not uncommon to try to understand if they are detected or if they leave traces behind them or not.”

Via: ZDNet

Jitendra has been working in the Internet Industry for the last 7 years now and has written about a wide range of topics including gadgets, smartphones, reviews, games, software, apps, deep tech, AI, and consumer electronics.
