Turla's Updated ComRAT Malware Uses Gmail for C&C Communication
2020-05-27 09:02

An updated version of the ComRAT malware that Russia-linked cyber-espionage threat actor Turla has been using in recent attacks can connect to Gmail to receive commands, ESET reports.

One of the oldest malware families used by the group, ComRAT was used to target the US military in 2008 and saw two major versions released until 2012, both derived from the same code base.

Relying on cookies stored in the configuration file, the malware can connect to the Gmail web interface to check an inbox and download attachments containing encrypted commands that the attackers have sent from a different address.

The new malware variant is named Chinch internally, shares part of its network infrastructure with Mosquito, and has been observed being dropped by, or dropping, Turla malware such as a customized PowerShell loader, the PowerStallion backdoor, and the RPC backdoor.

Mainly designed for the exfiltration of confidential documents, ComRAT v4 also allows attackers to deploy additional malware in compromised environments.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/Lmf7ZyP4pqA/turlas-updated-comrat-malware-uses-gmail-cc-communication