A ‘Taj Mahal’ warning for you


Researchers with cyber security firm Kaspersky Lab have uncovered a sophisticated spying platform, TajMahal, that has been active for more than five years now and appears to be unconnected to any known threat actors.


The TajMahal framework comprises around 80 malicious modules and includes functionality never before seen in an advanced persistent threat, such as the ability to steal documents from printer queues and to grab previously seen files from a USB device the next time it reconnects, the researchers said.

Kaspersky Lab has so far identified only one victim, a foreign-based central Asian embassy, but it is likely that others have been affected.


“It seems highly unlikely that such a huge investment would be undertaken for only one victim. This suggests that there are either further victims not yet identified, or additional versions of this malware in the wild, or possibly both,” said Alexey Shulmin, Lead Malware Analyst at Kaspersky Lab.

“The distribution and infection vectors for the threat also remain unknown. Somehow, it has stayed under the radar for over five years. Whether this is due to relative inactivity or something else is another intriguing question. There are no attribution clues nor any links we can find to known threat groups,” Shulmin added.

The name “TajMahal” comes from the name of the file used to exfiltrate the stolen data, Kaspersky Lab said.

The TajMahal framework is believed to include two main packages, which name themselves “Tokyo” and “Yokohama”.

Tokyo is the smaller of the two, with around three modules. It contains the main backdoor functionality and periodically connects to the command and control servers. Tokyo leverages PowerShell and remains on the network even after the intrusion has moved to stage two.

Stage two is the Yokohama package: a fully armed spying framework. Yokohama includes a Virtual File System (VFS) holding all plug-ins, open-source and proprietary third-party libraries, and configuration files. There are nearly 80 modules in all, including loaders, orchestrators, command and control communicators, audio recorders, keyloggers, screen and webcam grabbers, and document and cryptography-key stealers.

TajMahal can also grab browser cookies, gather the backup list for Apple mobile devices, and steal data from a CD burnt by a victim as well as documents sitting in a printer queue, the researchers said.

It can also queue the theft of a particular file from a previously seen USB stick; the file is stolen the next time that device is connected to the computer.

The targeted systems found by Kaspersky Lab were infected with both Tokyo and Yokohama. This suggests that Tokyo served as the first-stage infection, deploying the fully functional Yokohama package on victims of interest, and was then left in place as a backup.


Krishna Mali
Founder & Group Editor of TechGraph.
