Google’s managed defense team, working to empower the Google security operations community, has published a technical deep-dive into a confirmed malware threat that acts as a backdoor supporting keylogging, screen capture, audio capture, a remote shell, file transfer and file execution. The malware, known as playfulghost, has been observed being distributed through SEO poisoning, which “bundles” it with popular VPN and other applications. Here’s what you need to know.
Google Warns Of Playfulghost Backdoor Danger
As part of a threat intelligence blog series called Finding Malware, Google security researchers have set out to empower the Google security operations community by divulging the information required to detect both emerging and persistent malware threats. The same threat intel outlet, however, is a treasure trove of awareness opportunities for consumers looking to protect themselves from the latest threats. Knowledge is, after all, power. Of course, most consumers will find this stuff a little too technical to be of any actual use, which is where I come in as a techspeak-to-normal translator.
The new playfulghost threat is built on the back of Gh0st, a long-in-the-tooth remote access trojan that has been in the security spotlight since 2008.
According to a member of the Google managed defense team, identified only as Tatsuhiko, playfulghost differentiates itself from the original through “its use of distinct traffic patterns and encryption.” There are two primary distribution methods to watch out for:
Phishing attacks—where there is malware, there is phishing; I’m thinking of getting that security mantra tattooed on my forehead to help spread awareness. Seriously though, emails with “code of conduct” themes, Tatsuhiko said, have been observed as the starting point for tricking recipients into downloading the malware.
Source: Forbes