


Recently, IT security researchers at Trend Micro uncovered a malware campaign targeting unsuspecting users with a malicious version of TeamViewer. TeamViewer is a popular remote control and desktop sharing software with more than 1 billion users, which makes it a lucrative target for cyber criminals.

Note: It is worth mentioning that the official website of TeamViewer has not been compromised and downloads from it are safe and secure.

It all started on January 20th, when a security researcher going by the Twitter handle FewAtoms detected a malicious URL containing an open directory leading visitors to a malicious self-extracting archive (SFX/SEA).

Hxxp://rosalos.ug/xxx/ #MalwareMustDie #Malware #InfoSec #CyberSecurity #OpenDir

Trend Micro researchers analyzed the archive and discovered trojan spyware disguised as TeamViewer that collects and steals user data.

Further digging into the archive revealed that, once executed, the malware also gathers device-related data, including username, computer name, operating system, OS architecture, RAM size, whether there is an anti-virus solution installed on the system, and administrator privilege, and sends it to a command-and-control (C&C) domain (hxxp://intersys32com).

The researchers also discovered several other pieces of malware linked to the C&C URL, including CoinSteal and Fareit. Both are known for stealing data from compromised computers; however, CoinSteal removes itself from the system once the task is completed.

Trend Micro researchers believed that the URL is part of “a bigger operational campaign of trojan spyware.”

“Given the possibilities of abuse and the recent schemes to deliver malware disguised as legitimate software, users should secure their endpoints with multilayered protection,” researchers suggested.

This, however, is not the first time the TeamViewer name has been misused to spread malware. Previously, hackers used a malicious TeamViewer app to target unsuspecting users with the TeamSpy data-stealing malware.
