
TajMahal Malware

By GoldSparrow in Malware

The TajMahal Malware threat has been in the news recently because it managed to stay hidden for more than five years. It seems that the TajMahal Malware was created and used by a state-sponsored hacking group. The TajMahal Malware seems to have at least 80 different components and is capable of carrying out effective and unique malware attacks. Rather than referring to the TajMahal Malware as a single malware threat, it may be more appropriate to describe it as a modular spyware framework, a structure that allows the TajMahal Malware to be extremely adaptable and capable of numerous different attacks. It seems that the TajMahal Malware's main purpose is to carry out espionage, and many of its modules go well beyond the typical features found in spyware of this kind.

What is the Threat Presented by the TajMahal Malware?

Most spyware threats are capable of logging the victim's keystrokes or taking screenshots. While the TajMahal Malware certainly does this, it also can carry out other tasks that have not been observed in other spyware threats. For example, the TajMahal Malware can intercept documents from a printer queue or keep track of certain files and collect them when they are detected. One mysterious aspect of the TajMahal Malware is that, while it is clear that the resources behind it point to a nation-state actor financing the attacks, the TajMahal Malware does not appear to belong to any known group at the moment. The TajMahal Malware is extremely complex and sophisticated and was part of long-term espionage operations that are quite advanced technically. The TajMahal Malware is also unique in that it does not seem to be based on existing threats, bringing much new technology to the spyware world.

The History of the TajMahal Malware’s Detection

The TajMahal Malware was first detected in the Fall of 2018 on a single infected network, at the embassy of a country in Central Asia. It is very likely that the TajMahal Malware had been deployed in other attacks, though. However, since PC security researchers are currently investigating the circumstances of the TajMahal Malware attack, much about the existing attacks has not been made public. This is due to the potential for copycat malware and to avoid alerting the criminals responsible for the TajMahal Malware attacks. One thing to note about the TajMahal Malware is that its sophistication and the identity of the known victim point to the likelihood that the TajMahal Malware was developed with many resources, and that carrying out these attacks would generally require the resources of an intelligence agency. Some modules associated with the TajMahal Malware are dated to 2013, with new ones dated in subsequent years. This is especially shocking since it indicates that a threat of the TajMahal Malware's sophistication has been in use since 2013 and was only detected more than five years later. It is a sobering thought to consider how much malware activity may currently be taking place without PC security researchers being aware of its existence.

Components of the TajMahal Malware Attack

As mentioned before, the TajMahal Malware does not seem to have any similarities to spyware that is currently in use. The TajMahal Malware seems to be based on two packages that have been named 'Yokohama' and 'Tokyo.' These include the TajMahal Malware's primary payload, a backdoor used to deliver the TajMahal Malware to the victims' computers, and two help files. These have allowed PC security researchers to determine that the TajMahal Malware has at least 80 distinct modules that can be used for a variety of data collection operations, ranging from the use of infected devices' microphones and cameras and traditional backdoor features to rarely seen techniques such as collecting data as it is burned to a CD or infiltrating printing queues. Given the high-profile nature of the TajMahal Malware, regular computer users are unlikely to be the targets of these attacks.
