HomeNewsTurla hackers group hijack ESET Antivirus logs to test their malware

Turla hackers group hijack ESET Antivirus logs to test their malware

If you purchase via links on our reader-supported site, we may receive affiliate commissions.
cyberghost vpn ad

ESET has disclosed an attack on its antivirus program and two other targets by the Russian-backed Turla hacker group. Apart from the attack on the antirust program, the National parliament in Caucasus and two Foreign offices in Europe were also targeted with the use of a new version of a malicious program known as ComRAT.

Unlike the old version of ComRAT which was deployed in 2008 to siphon data from a network belonging to the Pentagon, ESET security team of researchers have observed that the new version of ComRAT v4 developed by Turla Hackers Group comes with new features; like getting orders from Gmail inbox logs through email attachments sent to it and also an ability to collect anti-virus software logs while adjusting to avoid detection.

The list of victims of an attack from ComRAT malware which was previously called AgentBTZ continues to increase, starting from the attack on the Pentagon in the 2000s, with recorded attacks on victims in Africa, Asia, Europe, and the Middle East, this latest attack which occurred in January 2020 has become the most advance based on the new features of the updated version of ComRAT according to ESET.

READ ALSO: Best Antivirus For 2022

ESET Security Team Response

Mathieu Fauo, a member of ESET security research unit stated that “the ComRAT malware comes with two command-and-control contraptions with the first being a classic method of connecting to a remote server via HTTP and collecting instructions to work on hosts infected and the second which is the use of Gmail’s web platform for taking over the victim’s browsers, then load a prewritten cookie file thereby initiating a session to the Gmail web dashboard.”

Turla hackers’ group has continued the use of ComRAT to hunt for specific files in the filesystem to exfiltrate the data into a cloud file sharing account on 4shared as done before as a second-stage payload on infected hosts.

The Turla hackers group will certainly keep improving on their malicious weapons to further find ways to breach into bigger targets in the nearest future.


Amaya Paucek
Amaya Paucek
Amaya Paucek is a professional with an MBA and practical experience in SEO and digital marketing. She is based in Philippines and specializes in helping businesses achieve their goals using her digital marketing skills. She is a keen observer of the ever-evolving digital landscape and looks forward to making a mark in the digital space.


Delete Me
Incogni Black Friday Ad
Heimdal Security ad

Subscribe to SecureBlitz Newsletter

* indicates required


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.