 "'TajMahal' spyware detected by Kaspersky Lab stayed hidden for past five years")
Security researchers at Kaspersky Lab have identified a new sophisticated spyware framework, dubbed as ‘TajMahal’. It consists of 80 malicious and distinct modules capable of carrying out various attack scenarios using different tools. The spyware has been operational since the past five years and so far, only one victim has been identified. [caption id=“attachment_6332141” align=“alignnone” width=“1280”]  Representative image. Image: Reuters.[/caption] Kaspersky Lab detected the attack on a “diplomatic organisation” in a Central Asian country. The security research firm has decided not to reveal the country. TajMahal is a newly discovered Advanced Persistent Threat (APT) framework that has been apparently active for the last five years. An APT is a form of an attack on a system or network where the attacker or a group successfully gains unauthorised and sometimes unrestricted access. The malicious code or malware stays dormant and undetected for an extended period of time. Such type of attacks are usually carried out against big enterprises and sometimes can also have political motivations. A report posted by Kaspersky Lab states that TajMahal’s APT consisted of two primary parts including Tokyo and Yokohama. Tokyo forms the back door of the system to deliver the second stage of the malware. Yokohama is the main weapon payload that packs all the malicious plugins to attack the system or network. It’s activated when the second stage of attack is initiated. There are many things it’s capable of including stealing cookies, intercepting documents from the print queue, collecting data about the victim, recording and taking screenshots of VoIP calls, stealing optical disc images made by the victim and indexing files even from external drives and potentially stealing specific files when they are detected again. “TajMahal is an extremely rare, technically advanced and sophisticated framework, which includes a number of interesting features we have not previously seen in any other APT activity. Coupled with the fact that this APT has a completely new code base—there are no code similarities with other known APTs and malware—we consider TajMahal to be special and intriguing”, said Kaspersky security researcher Alexey Shulmin during an interview with Wired. Kaspersky Lab says that its products are capable of detecting TajMahal and the threat was initially discovered using its own “automatic heuristic technologies”. However, as a home or personal user, you don’t really need to worry about an APT attack.
The TajMahal spyware consisted of 80 malicious modules that enabled a wide range of attacks on victims.
Advertisement
End of Article
 "Israel targets top Hamas leaders in Doha; Qatar, Iran condemn strike as violation of sovereignty")
 "Nepal: Oli to continue until new PM is sworn in, nation on edge as all branches of govt torched")
 "Who is CP Radhakrishnan, India's next vice-president?")
 "Israel informed US ahead of strikes on Hamas leaders in Doha, says White House")
 "Israel targets top Hamas leaders in Doha; Qatar, Iran condemn strike as violation of sovereignty")
 "Nepal: Oli to continue until new PM is sworn in, nation on edge as all branches of govt torched")
 "Who is CP Radhakrishnan, India's next vice-president?")
 "Israel informed US ahead of strikes on Hamas leaders in Doha, says White House")
](https://images.firstpost.com/wp-content/uploads/2019/03/Kaspersky-Lab.jpg){kind=link}