Recent news of a new Malware reported by Network World website states that an infected computer could be compromised using a Gmail account. This malware can use Gmail drafts to open an invisible window in Internet Explorer windows and run commands to steal data, according to a German security firm “G Data Software”. Once a computer is tainted, the malware uses a script to access an email account and uses IE to open a hidden window, access an email account, and execute commands such as filling in form data, check or uncheck items, export information, etc. All of this happening without the user aware is the scarier part.
The remote execution tool being used in this malware is sophisticated in such that it is “modular” and can adapt easily. Another security firm, “Shape Security”, noted on how stealthy this malware is and can pass information back and forth without the user aware or even pressing a “send” button. They state that a hacker can setup an anonymous Gmail account, gain access to an infected workstation and open the fake gmail account in a hidden IE window. This hidden or “invisible” window is where user data can be compromised. G Data Software also notes that this malware could affect other web-based accounts.
It does seem a bit complicated on how it actually works so please read more details offered by Network World – Click Here
Yahoo Tech news also reported on this subject, to read more details – Click Here