Google\u2019s managed defense team, working to empower the Google security operations community, has published a technical deep-dive into a confirmed malware threat that acts as a backdoor supporting commands involving supports commands keylogging, screen capture, audio capture, remote shell and file transfer as well as file execution. The malware, known as playfulghost, has been observed distributed through SEO poisoning methodologies which \u201cbundle\u201d it with popular VPN and other applications. Here\u2019s what you need to know.<\/p>\n
Google Warns Of Playfulghost Backdoor Danger<\/p>\n
As part of a threat intelligence blog series called Finding Malware, Google security researchers have vowed to provide empowerment to the Google security operations community by divulging the information required to detect both emerging and persistent malware threats. The same threat intel outlet, however, is a treasure trove of awareness opportunities for consumers looking to protect themselves from the latest threats. Knowledge is, after all, power. Of course, most consumers will find this stuff a little bit too technical to be of any actual use, which is where I come in as a techspeak-to-normal translator.<\/p>\n
The new playfulghost threat is built on the back of a long-in-the-tooth remote administration tool, a remote access trojan known as Gh0st, that has been in the security spotlight since 2008.<\/p>\n
Differentiating itself from the original, a member of the Google managed defense team, identified only as Tatsuhiko, said, by way of \u201cits use of distinct traffic patterns and encryption,\u201d playfulghost has two primary distribution methods to watch out for:<\/p>\n
Phishing attacks\u2014where there is malware, there is phishing; I\u2019m thinking of getting that security mantra tattooed on my forehead to help spread awareness. Seriously though, emails with themes, Tatsuhiko said, of \u201ccode of conduct\u201d have been observed to be a starting point for the tricking of recipients into downloading the malware.<\/p>\n