
TajMahal Malware

Posted: April 10, 2019

The TajMahal malware is a spyware program that collects confidential data from your PC through the features of dozens of separate modules. Its attacks include both traditional means of theft, such as keylogging, as well as unusually innovative ones like monitoring CD-burning activities. Because this Trojan is a high-level threat that goes to great lengths for self-concealment, users should protect themselves and uninstall the TajMahal malware only with highly trusted anti-malware services.

Trojans Hacking Your PC in Eighty Ways

Although it's par for the course for spyware-based Trojans to compartmentalize their attacks into different modules, having up to eighty of them is far from usual. This extreme quantity is backed by an apparent quality of coding that suggests state-sponsored cyber-terrorism at the root of the TajMahal malware's campaign. It's unclear how the TajMahal malware is spreading yet, but with one confirmed infection and further information suggesting a lifespan of multiple years before that, there's little suggestion that it isn't achieving its campaign's goals.

The TajMahal malware is a backdoor Trojan and spyware-specialized threat that focuses on monitoring and collecting data from the infected system. It has all of the features that malware analysts rate as traditional, such as keylogging (recording your keyboard input), collecting login credentials and documents, recording the webcam, and taking screenshots. However, through two separate packages, it hosts a range of other features through its dozens of modules.

Some of the more unusual of the TajMahal malware's features that it implements through the so-called Tokyo and Yokohama packages include:

  • The TajMahal malware monitors USBs and other removable drives for any 'updated' versions of previously collected files and retrieves the new ones.
  • The TajMahal malware intercepts information that's being burned to CD.
  • The TajMahal malware tracks VoIP software usage and may use detected use as a trigger for other features, such as screen-grabbing.
  • If its removal through victim intervention is incomplete, the TajMahal malware can re-launch itself with a new, random service name.
  • The TajMahal malware can accept commands for further attacks from two Command & Control networks, one of which dedicates itself to 'high priority' tasks, such as handling hibernation, uninstallation, and self-restoration.
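The self-restoration behavior above leaves a trace defenders can hunt for: a service that appears with a randomized name. The following PowerShell script is an added example, not code from the page or from any analysis of TajMahal; it reads Windows System log event 7045 (service installation) and flags newly installed services whose names look random. The 30-day window, minimum length and entropy threshold are assumed heuristics, and the script must run elevated on the host being checked.

```powershell
# Added hunting script (not from the page). Assumptions: run elevated; the
# 30-day window, 8-character minimum and 3.3-bit entropy cutoff are heuristics.

function Get-NameEntropy {
    # Shannon entropy (bits per character) of a string; random-looking
    # service names score high, dictionary-style names score lower.
    param([string]$Name)
    if ([string]::IsNullOrEmpty($Name)) { return 0.0 }
    $n = $Name.Length
    $entropy = 0.0
    foreach ($group in ($Name.ToCharArray() | Group-Object)) {
        $p = $group.Count / $n
        $entropy -= $p * [Math]::Log($p, 2)
    }
    return [Math]::Round($entropy, 2)
}

function Find-RandomNamedServices {
    param([int]$Days = 30, [int]$MinLength = 8, [double]$Threshold = 3.3)
    $since = (Get-Date).AddDays(-$Days)
    # Event 7045 is written when a new service is registered with the SCM.
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045; StartTime = $since } -ErrorAction SilentlyContinue
    foreach ($ev in $events) {
        # 7045 property order: 0 = service name, 1 = image path, 2 = type, 3 = start type, 4 = account
        $svcName = [string]$ev.Properties[0].Value
        $imgPath = [string]$ev.Properties[1].Value
        $entropy = Get-NameEntropy $svcName
        if ($svcName.Length -ge $MinLength -and $entropy -ge $Threshold) {
            [pscustomobject]@{
                Installed   = $ev.TimeCreated
                ServiceName = $svcName
                ImagePath   = $imgPath
                Entropy     = $entropy
            }
        }
    }
}

# Usage: review every hit manually; a high score is a lead, not a verdict.
Find-RandomNamedServices | Sort-Object Installed -Descending | Format-Table -AutoSize
```

Cross-check each flagged ImagePath against the installed software inventory before acting, since some legitimate installers also register services with generated names.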

Perhaps most remarkably of all, the TajMahal malware includes no significant code that its programmers recycle from old sources, and is an entirely new and independent threat.

Tearing Down a Fraudulent Mausoleum

The TajMahal malware is, as even a brief perusal of its payloads shows, a high-level threat with sophisticated functionality and methods for achieving its goal of exfiltrating information. Although malware researchers lack sufficient evidence for triangulating all of the regions the TajMahal malware's campaign targets, reports from a recent cyber-security summit confirm that it's actively attacking diplomatic entities within Asia. E-mails or physical access via compromised devices are possible infection vectors, although, given the expertise of its creators, the security industry can't rule out zero-day 'unseen' software exploits.

The randomization and reinstallation of its components make the TajMahal malware a complex form of spyware to remove. Users should disable network connections, both local and non-local, and avoid letting removable devices contact an infected system. Dedicated anti-malware solutions should remove the TajMahal malware safely, although data that was already stolen may still cause future issues.

With creativity and resilience that are difficult to exaggerate, the TajMahal malware is a model for high-level spyware for years to come. What its threat actors will do, now that the security industry is aware of its existence, is far from cert
