Security company Shape Security discovered a new strain of malware which is exploiting Gmail service as a communication channel with control server.
Security experts at Shape Security announced to have found a new strain of malware that implements a smart technique to communicate with command and control servers, the commands are hidden in unassuming Gmail drafts that are never even sent.http://securityaffairs.co/wordpress/wp-content/uploads/2014/11/Gmail-Drafts-2.jpg
The technique is very hard to detect as explained by the researchers at Shape Security:
“What we’re seeing here is command and control that’s using a fully allowed service, and that makes it superstealthy and very hard to identify,” says Wade Williamson, stated one of the experts “It’s stealthily passing messages back and forth without even having to press send. You never see the bullet fired.”
Full Article