TajMahal packs a palace of hurt
Cybersecurity experts are calling attention to what appears to be spyware on steroids. The TajMahal malware has been around since 2013 but was not discovered until late 2018. It is completely unique in that it has no known association with any advanced persistent threats (APTs) or malware. Its code is unlike others, and it uses an update mechanism to keeps its malware fresh so it avoids detection. Researchers are both impressed and unnerved by the level of sophistication in the malware, which includes malicious acts previously unseen such as stealing documents that had been sent to the printer queue, stealing files that had been accessed on removable drives, stealing data that had been burnt on a CD, and take screenshots as it records audio. The malware gives the attacker an all-access backdoor from which he or she can execute commands, use keylogging, exfiltrate files, steal cryptography keys, steal browser cookies, and more. All told, there are about 80 malicious acts that can be executed with TajMahal. What can you do? Always implement security patches for known vulnerabilities; keep all your software updated with the latest release; and, always use an antivirus software.
