Google warns against Russia-based hacking group using new malware to steal data

Google’s Threat Intelligence Group (GTIG) has issued a warning about a Russia-based hacking group known as COLDRIVER. The Alphabet-owned company claims that the group is using a newly identified malware called LOSTKEYS to steal data. According to the company, the malware, which was tracked in multiple attacks this year, can steal files that match a predefined list of extensions and are located in specific directories, and can transmit system information and running processes back to the attacker. GTIG also noted that LOSTKEYS marks a new development in the toolkit of the group, which is known for its credential phishing campaigns targeting high-profile organisations such as NATO governments and non-governmental organisations (NGOs), as well as former intelligence and diplomatic officials.
