Security researchers at Kaspersky Lab have identified a new, sophisticated spyware framework dubbed ‘TajMahal’. It consists of 80 distinct malicious modules capable of carrying out various attack scenarios using different tools. The spyware has been operational for the past five years, and so far only one victim has been identified.
Kaspersky Lab detected the attack on a “diplomatic organisation” in a Central Asian country. The security research firm has decided not to reveal the country. TajMahal is a newly discovered Advanced Persistent Threat (APT) framework that has apparently been active for the last five years. An APT is a form of attack on a system or network in which an attacker or group successfully gains unauthorised, and sometimes unrestricted, access. The malicious code stays dormant and undetected for an extended period of time. Such attacks are usually carried out against large enterprises and can sometimes also have political motivations.
A report posted by Kaspersky Lab states that the TajMahal APT consists of two primary parts, Tokyo and Yokohama. Tokyo forms the back door into the system and delivers the second stage of the malware. Yokohama is the main weapon payload, packing all the malicious plugins used to attack the system or network; it is activated when the second stage of the attack is initiated.
Its capabilities are extensive. They include stealing cookies, intercepting documents from the print queue, collecting data about the victim, recording VoIP calls and taking screenshots of them, stealing optical disc images made by the victim, indexing files (even on external drives) and potentially stealing specific files when those drives are detected again.
“TajMahal is an extremely rare, technically advanced and sophisticated framework, which includes a number of interesting features we have not previously seen in any other APT activity. Coupled with the fact that this APT has a completely new code base—there are no code similarities with other known APTs and malware—we consider TajMahal to be special and intriguing”, said Kaspersky security researcher Alexey Shulmin during an interview with Wired.
Kaspersky Lab says that its products are capable of detecting TajMahal and that the threat was initially discovered using its own “automatic heuristic technologies”. However, as a home or personal user, you don’t really need to worry about an APT attack of this kind.