A newly-detected remote administration Trojan (RAT) receives command and control instructions through Yahoo Mail.
According to Threatpost, the RAT could be easily modified to communicate with its authors through other popular webmail providers and it has the ability to elude the notice of intrusion detection systems by operating over these domains.
Known as IcoScript, this has gone largely undetected since 2012 and this is partly because access to webmail services is rarely blocked or blacklisted in corporate environments, and such traffic is very unlikely to be considered suspicious.