"Using Gmail to receive instructions from its C2, Kedi navigates to the inbox, finds the last unread message, grabs content from message body and parses commands from this content. To send information back to command and control, base64 encodes the message data, replies to the received message, adds encoded message data and sends its message."

No doubt malware developers programmed Kedi's Gmail functionality in an attempt to prevent security researchers from detecting the threat. It's reasonable to assume that other bad actors will go to these lengths to preserve their malware, as well.

With that said, users and businesses should work to prevent a malware infection. First, they should install an anti-virus solution on all workstations and keep that solution updated. Second, organizations should conduct ongoing phishing awareness training with their employees. Lastly, businesses should develop a vulnerability management program that's capable of quickly addressing known security issues.
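The reply pattern quoted above (a reply whose own text is nothing but base64) can be checked for in exported mail. The following is an added example, not code from the article or the researchers it quotes; the function names, the thresholds and the two sample messages are constructed assumptions.

```python
import base64
import binascii
import email
import re
import textwrap
from email import policy

B64_LINE = re.compile(r"[A-Za-z0-9+/]+={0,2}")
MIN_BLOB = 64  # assumed minimum blob size; tune against real mail


def base64_share(raw):
    """Fraction of a reply's own (unquoted) text that is one valid base64 blob."""
    msg = email.message_from_string(raw, policy=policy.default)
    if not msg["In-Reply-To"]:          # only replies are of interest here
        return 0.0
    body = msg.get_body(preferencelist=("plain",))
    if body is None:
        return 0.0
    # Keep the sender's own lines; drop blank lines and ">" quoted text.
    own = [l.strip() for l in body.get_content().splitlines()
           if l.strip() and not l.lstrip().startswith(">")]
    blob = "".join(l for l in own if B64_LINE.fullmatch(l))
    total = sum(len(l) for l in own)
    if len(blob) < MIN_BLOB or total == 0:
        return 0.0
    try:
        base64.b64decode(blob, validate=True)   # must really decode
    except (binascii.Error, ValueError):
        return 0.0
    return len(blob) / total


def sample_reply(own_text):
    """Build a constructed reply message around the given body text."""
    return ("From: host@example.com\nTo: c2@example.com\n"
            "Subject: Re: task\nIn-Reply-To: <1@example.com>\n\n"
            f"{own_text}\n\nOn Mon, c2@example.com wrote:\n> run task\n")


# Constructed samples: a wrapped base64 body and an ordinary reply.
BLOB = base64.b64encode(b"constructed sample host data " * 8).decode()
SUSPECT = sample_reply("\n".join(textwrap.wrap(BLOB, 76)))
BENIGN = sample_reply("Thanks, I will look at this tomorrow.")

if __name__ == "__main__":
    for name, raw in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, round(base64_share(raw), 2))
```

A high share is a lead for review rather than a verdict, since legitimate mail can also carry encoded text inline.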