A technique that General David Petraeus used to communicate with his lover Paula Broadwell (with whom he was having an illicit affair.), is now become a data-stealing technique for hackers.

Now hackers have learned the same trick. Only instead of a mistress, they’re sharing their love letters with data-stealing malware buried deep on a victim’s computer.

Back in August, Germany’s anti-malware solutions provider G Data Software identified stealthy malware that had gone undetected since 2012.

They dubbed the remote administration tool (RAT) Win32.Trojan.IcoScript.A and remarked that it was particularly nasty due to the way it abused webmail for its command and control (C&C) communications. Although IcoScript was using Yahoo email, G Data predicted that it could just as easily abuse Facebook, LinkedIn or Gmail. And now a variant of that malware is using Gmail drafts that open in invisible Internet Explorer windows and act as the command and control to steal data.

As written on wired .com :

Williamson (a security researcher at Shape) says the new infection is in fact a variant of a remote access trojan (RAT) called Icoscript first found by the German security firm G-Data in August. At the time, G-Data said that Icoscript had been infecting machines since 2012, and that its use of Yahoo Mail emails to obscure its command and control had helped to keep it from being discovered. The switch to Gmail drafts, says Williamson, could make the malware stealthier still.

Thanks in part to that stealth, Shape doesn’t have any sense of just how many computers might be infected with the Icoscript variant they found. But given its data-stealing intent, they believe it’s likely a closely targeted attack rather than a widespread infection.

For victims of the malware, Shape says there’s no easy way to detect its surreptitious data theft without blocking Gmail altogether. The responsibility may instead fall on Google to make its webmail less friendly to automated malware. A Google spokesperson responded to an email from WIRED with only a statement that “our systems actively track malicious and programmatic usage of Gmail and we quickly remove abusive accounts we identify.”