The key to defending against new attack types is a multi-layered security strategy.


Attackers are always looking to get the upper hand on their targets. Many of the methods and tactics attackers use are tried-and-true. But sometimes we see things we haven’t seen before.

An example of this was highlighted in a recent article on ZDNet. Threat researchers recently discovered that a new form of malware is being deployed as part of a highly-stealthy cyber espionage campaign.

“TajMahal,” which is named after the file it uses to exfiltrate stolen data, has a number of new capabilities including: stealing documents sent to a printer queue; the ability to steal files previously seen on removable drives as soon as they’re available again; the availability to steal data burnt onto a CD by a victim; and the ability to take screenshots when recording audio from VoiceIP applications.

This malware provides cybercriminals with a “full blown spying framework,” allowing them to issue commands directly to the backdoor of infected systems. This includes being able to issue system commands, take screenshots and use keylogging to steal usernames and passwords. It can even open and exfiltrate documents using its file indexer.

Researchers said TajMahal was able to hide under the radar for so long because it has a completely new code base, with no similarities to known APTs or malware and by employing an automatic update mechanism that's regularly used to deploy new samples as needed.

Sophisticated malware detection capabilities needed

TajMahal again shows that the industrialization of cybercrime is a fact of life. Technical specialists, nation state actors, cybercriminals, botnet masters and many other members of the malicious supply-chain continue to work their turf and collaborate for mutual benefit. And this newly discovered RAT or ATP framework is just more evidence of this.  

While at first glance it appears that this exploit has been focused on enabling nation state attacks for cyber espionage, we should assume that this tool will eventually be used and mutated by money-oriented cybercriminals for their broader purposes. This is generally what happens with sophisticated new attack tools: usage spreads out over time.

While initial reports are unclear about the distribution method of TajMahal, given that the Tokyo portion of it is a dropper, the likelihood that it is or will be delivered via email is very high. This is why email security systems with sophisticated malware detection capabilities are a must.

Email security systems in conjunction with endpoint protection, patching, network monitoring, web security and other security controls are an important part of a multi-layered security strategy.

Learn more here.

Sie wollen noch mehr Artikel wie diesen? Abonnieren Sie unseren Blog.

Erhalten Sie alle aktuellen Nachrichten, Tipps und Artikel direkt in Ihren Posteingang

Das könnte Ihnen auch gefallen:

Mittelständler weiterhin bevorzugtes Ziel für Cyber-Bedrohungen

More data points are available to make y…

More data points are available to make your resilience case.… Read More >

Ed Jennings

by Ed Jennings

Former Chief Operating Officer

Posted Apr 09, 2019

Phisher Pleads Guilty in Scam Targeting High-Profile Celebrities, Athl…

A reminder: phishing and brand-spoofing …

A reminder: phishing and brand-spoofing works best against t… Read More >

Matthew Gardiner

von Matthew Gardiner

Principal Security Strategist

Posted Apr 01, 2019

Die Entwicklung von CISO-Strategien

How has the CISO role changed through th…

How has the CISO role changed through the years? Charles Da… Read More >

Boris Vaynberg

by Boris Vaynberg

VP and GM for Advanced Threat Detection

Posted Mar 15, 2019