Turla malware uses Gmail to issue commands to infected machines

One of Russia’s most advanced state-sponsored hacker groups has added several devious new tools to its arsenal, security researchers have warned.

The Turla group is still using version 4 of the ComRAT malware, but ESET researchers warned that it has since been updated with two new features: exfiltration of the victim's antivirus logs, and the ability to control the malware via a Gmail inbox.

According to ESET, the antivirus logs are stolen by the malware and then uploaded to one of its command-and-control servers.

The malware was discovered to have been deployed in January, targeting parliaments and Foreign Affairs ministries of three unidentified European governments.

Turla malware

The Gmail control mechanism is another new functionality, wherein the malware commandeers the victim’s browser, loads a predefined cookie file and initiates a session to the Gmail web dashboard.

Once this is done, Turla operators can simply send an email to the Gmail account with instructions in an attached file. The ComRAT malware will read the email, download the attachment, and read and execute the instructions therein. All data thus collected will be sent back to the Gmail inbox and thereby to the operators. 

Matthieu Faou, an ESET researcher, told ZDNet that collecting antivirus logs might be to "allow them to better understand if and which one of their malware sample[s] was detected." This would help tweak the malware to avoid detection in the future. 

It is typically challenging to figure out which files were “exfiltrated” by the attackers, Faou pointed out, adding that for relatively advanced groups, however, “it is not uncommon to try to understand if they are detected or if they leave traces behind them or not.”

Via: ZDNet

Jitendra Soni
