Hackers always seem to be one step ahead of even the strictest network security protocols, and now they may be using Gmail to actively control the malware with which they infect systems. Researchers at Shape Security recently discovered evidence of this new menace on a client's network.
After successfully infecting a networked machine with malware, hackers can exploit a function of Internet Explorer that allows it to run invisibly, so that Windows programs can query web pages without opening a browser window. Through this hidden instance, hackers can use the draft folder of an anonymous Gmail account to leave commands for their malware, which retrieves the code using a Python script. The malware can leave its own acknowledgements and stolen data in draft form as well. These communications are doubly protected: by the hackers' encoding and by the use of a reputable web service to disguise intrusive activities. According to Shape, the method is an upgrade of a piece of malware called Icoscript, which has been infecting machines since 2012 and uses Yahoo Mail to disguise its command and control process. There is no easy way to detect this data theft at present without blocking Gmail outright, which means that Google will need to take additional measures to secure its webmail against automated malware.
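One place a defender can look for the hidden-browser part of this technique is process-creation telemetry. The script below is an added example, not code from Shape Security or from the malware write-up; it assumes Sysmon-style process-creation fields and that a COM-activated Internet Explorer is started with the standard `-Embedding` switch, and the events it scans are constructed sample data.

```python
"""Hunt for Internet Explorer instances started as a COM automation server
(no visible window) rather than opened by a user, the hidden-browser pattern
described above. EVENTS is constructed sample data modelled on Sysmon
Event ID 1 fields; it is not real telemetry."""
from collections import defaultdict

# Assumption: COM local servers, IE included, are launched with -Embedding.
EMBEDDING_FLAGS = ("-embedding", "/embedding")
# Parents that should never be hosting an interactive browser session.
SCRIPT_HOSTS = {"python.exe", "pythonw.exe", "wscript.exe", "cscript.exe",
                "powershell.exe", "cmd.exe", "mshta.exe"}
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"

# Constructed events: (utc_time, host, image, command_line, parent_image)
EVENTS = [
    ("2014-10-29T09:00:01Z", "WS-17", IE, f'"{IE}" https://mail.google.com/',
     r"C:\Windows\explorer.exe"),                        # user opened Gmail
    ("2014-10-29T09:05:12Z", "WS-17", IE, f'"{IE}" -Embedding',
     r"C:\Python27\pythonw.exe"),                        # script-driven hidden IE
    ("2014-10-29T09:05:13Z", "WS-42", IE, f'"{IE}" -Embedding',
     r"C:\Windows\System32\svchost.exe"),                # COM launch via DCOM service
]

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return a risk label for one process-creation event, or None."""
    _, _, image, cmdline, parent = event
    if basename(image) != "iexplore.exe":
        return None
    embedded = any(f in cmdline.lower().split() for f in EMBEDDING_FLAGS)
    if embedded and basename(parent) in SCRIPT_HOSTS:
        return "high"    # hidden IE driven directly by a script
    if embedded:
        # COM activation often goes through the DCOM launcher, so the parent
        # may be svchost.exe and the automating client must be found elsewhere.
        return "medium"
    return None          # ordinary, user-launched browser

def hunt(events):
    """Group flagged events by host so an analyst can triage per machine."""
    findings = defaultdict(list)
    for ev in events:
        label = classify(ev)
        if label:
            findings[ev[1]].append((label, basename(ev[4]), ev[0]))
    return dict(findings)
```

A "medium" hit is not proof on its own; correlate it with proxy logs showing the same host talking to Gmail on a regular beacon interval.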
The average user relies heavily on web-based services and cloud data, and newer operating systems are designed to integrate web access seamlessly. While this provides convenience for users, it also places their private data in a more vulnerable position. Both users and developers must take additional precautions to prevent hackers from exploiting the increasingly open nature of networks.
It all just reinforces the sad fact that, because of the cretinous activities of such people, the majority of web/email users have to be continuously aware of the menace that always lies beneath the surface.