Malware T9000 is a new variant of T5000, or the Plat1 malware family, which APT actors used in spear phishing attacks after the disappearance of Malaysian Flight MH370. The malware uses a multi-stage installation process to evade detection. The victim's username and OS version are sent back to the attacker via a C&C server, which then sends modules to steal data. Once enabled, the malware records video calls, audio calls, and chat messages. It also steals documents and more, even from removable drives.

