Danger Will Robinson....!
"Author: Andy Greenberg
security 04.09.19 11:30 pm
Mysterious Hackers Hid Their Swiss Army Spyware for 5 Years..."
More here:
https://www.wired.com/story/tajmahal-swiss-army-spyware-apt/?utm_source=pocket-newtab
"Security researchers still aren't sure who's behind the versatile TajMahal spyware—or how they went undetected for so long."
It's not every day that security researchers discover a new state-sponsored hacking group. Even rarer is the emergence of one whose spyware has 80 distinct components, capable of strange and unique cyberespionage tricks—and who's kept those tricks under wraps for more than five years.
In a talk at the Kaspersky Security Analyst Summit in Singapore Wednesday, Kaspersky security researcher Alexey Shulmin revealed the security firm's discovery of a new spyware framework—an adaptable, modular piece of software with a range of plugins for distinct espionage tasks—that it's calling TajMahal. The TajMahal framework's 80 modules, Shulmin says, comprise not only the typical keylogging and screengrabbing features of spyware, but also never-before-seen and obscure tricks. It can intercept documents in a printer queue, and keep track of "files of interest," automatically stealing them if a USB drive is inserted into the infected machine. And that unique spyware toolkit, Kaspersky says, bears none of the fingerprints of any known nation-state hacker group."...! ...
"Nor has Kaspersky determined how the hackers behind TajMahal gain initial access to a victim network. But they do note that the group plants an initial backdoor program on machines, which the hackers labelled Tokyo.
That backdoor uses the tool PowerShell, often exploited by hackers, to allow the intruders to spread their compromise, connect to a command-and-control server, and plant TajMahal's much more multifunctional payload spyware, labelled by the hackers as Yokohama, with its dozens of distinct modules."...!
One has to read the whole article to get the gist of it..!