Gmail drafts are useful for general users, and more useful still for people having affairs with more than one person, e.g. extramarital affairs: they share a single Gmail account and leave their messages for each other in the drafts folder.

Now the very same trick is used by hackers too. The drafts are read not only by the shared account holders: they are also shared with malware that is already buried deep on a victim's computer and is stealing their data.

Shape Security is a security startup whose researchers have found a strain of malware on a client's network that uses this new, furtive form of "command and control": a communication channel between hackers and their malicious software, through which the program is updated, further instructions are sent, and stolen data is retrieved. The hidden communication channel is difficult to detect because the commands sit in Gmail drafts that remain in the email account forever and are never sent.

"What we're seeing here is command and control that's using a fully allowed service, and that makes it superstealthy and very hard to identify," says Wade Williamson, the Shape security researcher. He added, "It's stealthily passing messages back and forth without even having to press send. You never see the bullet fired."

Shape observed that the attack is carried out like this: the hacker first set up a Gmail account, and malware was then sent to a computer on the target's network. (Shape declined to reveal the identity of the victim of the attack.) After gaining control of the victim's machine, the hacker opened the anonymous Gmail account in an invisible instance of Internet Explorer. IE allows itself to be run by Windows programs so that they can seamlessly query web pages for information, so the user has no idea a web page is even open on the computer.

With the Gmail drafts folder open and hidden, the malware is programmed to use a Python script to retrieve the commands and code that the hacker enters into the draft.
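A host-side hunting heuristic for the hidden Internet Explorer instance described above, as an added example that is not from Shape or the original article. It assumes that IE started by another program through COM carries the `-Embedding` switch on its command line, and it runs over constructed records whose field names are hypothetical (loosely modelled on Sysmon process-create and network-connect events).

```python
from collections import Counter

WEBMAIL = {"mail.google.com", "mail.yahoo.com"}  # services named in the article

# Constructed sample records, not real telemetry; field names are assumptions.
EVENTS = [
    # IE started through COM automation, plus the tab process it spawns.
    {"type": "proc", "host": "WS-014", "pid": 4120, "ppid": 612,
     "image": "iexplore.exe", "cmdline": "iexplore.exe -Embedding"},
    {"type": "proc", "host": "WS-014", "pid": 4188, "ppid": 4120,
     "image": "iexplore.exe", "cmdline": "iexplore.exe SCODEF:4120 CREDAT:79873"},
] + [{"type": "net", "host": "WS-014", "pid": 4188, "dest": "mail.google.com"}] * 3 + [
    # IE opened by the user: webmail traffic here is ordinary browsing.
    {"type": "proc", "host": "WS-022", "pid": 2200, "ppid": 1500,
     "image": "iexplore.exe", "cmdline": "iexplore.exe"},
] + [{"type": "net", "host": "WS-022", "pid": 2200, "dest": "mail.google.com"}] * 3 + [
    # COM-automated IE that only talks to an internal site.
    {"type": "proc", "host": "WS-031", "pid": 900, "ppid": 612,
     "image": "iexplore.exe", "cmdline": "iexplore.exe -Embedding"},
    {"type": "net", "host": "WS-031", "pid": 900, "dest": "intranet.example"},
]


def find_automated_webmail(events, min_hits=3):
    """Return (host, pid, dest, hits) for COM-launched IE repeatedly reaching webmail.

    Events are assumed to be in time order; PID reuse is ignored for brevity.
    """
    automated = set()  # (host, pid) of IE started via COM, or spawned by such an IE
    hits = Counter()
    for ev in events:
        key = (ev["host"], ev["pid"])
        if ev["type"] == "proc" and ev["image"].lower() == "iexplore.exe":
            embedded = "-embedding" in ev["cmdline"].lower()
            if embedded or (ev["host"], ev["ppid"]) in automated:
                automated.add(key)
        elif ev["type"] == "net" and key in automated and ev["dest"] in WEBMAIL:
            hits[key + (ev["dest"],)] += 1
    return sorted(k + (n,) for k, n in hits.items() if n >= min_hits)


if __name__ == "__main__":
    for row in find_automated_webmail(EVENTS):
        print("review:", row)
```

Legitimate software also automates Internet Explorer, so a hit is a lead for an analyst to review rather than a verdict.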

This new infection is said to be a variant of a remote access trojan (RAT) called Icoscript, first found by the German security firm G-Data in August. Icoscript worked along similar lines: it used Yahoo Mail emails to hide its command and control, which helped it avoid discovery. The switch to Gmail drafts could make the malware stealthier still.

According to Shape, it is unknown how many computers have been affected by this new iteration of Icoscript. But they believe that, since its data-stealing intent is not that critical, the attack was aimed at a narrow target rather than being a global infection.

Asked what could help victims of the malware, Shape said that, short of blocking Gmail completely, there is no other way to detect its stealthy data theft. They even held that the responsibility lies with Gmail to make its email product less advantageous for automated malware.