TeamViewer: software hides remote connections

A new targeted attack using TeamViewer has been detected, aimed at stealing financial information from government and economic targets across Europe and beyond.

Check Point researchers announced on Monday that the attacks targeted government and financial officials, as well as representatives of various embassies in Europe, Nepal, Kenya, Liberia, Lebanon, Guyana and Bermuda.

The attack began with a typical phishing e-mail containing a malicious attachment claiming to be a "top secret" document from the United States.

The subject line said “Military Financing Program” and the .XLSM document carried the logo of the U.S. Department of State.

So if someone opened the document and enabled the macros, two files were extracted: a legitimate AutoHotkeyU32.exe program and a malicious TeamViewer.

AutoHotkeyU32 was used to send a POST request to the attacker's command and control (C&C) server, and also to download more malicious scripts capable of capturing screenshots of the target computer, stealing information, and then sending it to the attacker.
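A defender-side check for the chain described above, as an added example that is not from the article or from Check Point: it walks process ancestry in constructed process-creation events and flags AutoHotkey started, directly or indirectly, by an Office application. The event fields, paths, PIDs and the list of Office parents are assumptions for illustration, as is the assumption that the macro starts AutoHotkey as a descendant of Excel.

```python
import json

# Assumption: Office binaries treated as suspicious ancestors (the article names an .XLSM file).
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}

# Constructed sample events, one JSON object per line (simplified, Sysmon-like fields).
SAMPLE_EVENTS = r"""
{"pid": 1200, "ppid": 4, "image": "C:\\Windows\\explorer.exe"}
{"pid": 2100, "ppid": 1200, "image": "C:\\Program Files\\Microsoft Office\\EXCEL.EXE"}
{"pid": 2200, "ppid": 2100, "image": "C:\\Windows\\System32\\cmd.exe"}
{"pid": 2300, "ppid": 2200, "image": "C:\\Users\\alice\\AppData\\Roaming\\AutoHotkeyU32.exe"}
{"pid": 3100, "ppid": 1200, "image": "C:\\Program Files\\AutoHotkey\\AutoHotkeyU32.exe"}
"""

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def find_office_autohotkey_chains(lines):
    """Return AutoHotkey processes that have an Office application as an ancestor."""
    procs = {}
    for line in lines:
        if line.strip():
            event = json.loads(line)
            procs[event["pid"]] = event
    hits = []
    for pid, event in procs.items():
        if not basename(event["image"]).startswith("autohotkey"):
            continue
        chain, seen, current = [basename(event["image"])], {pid}, event
        # Walk up the parent links; 'seen' guards against loops from PID reuse.
        while current["ppid"] in procs and current["ppid"] not in seen:
            current = procs[current["ppid"]]
            seen.add(current["pid"])
            chain.append(basename(current["image"]))
            if chain[-1] in OFFICE_PARENTS:
                hits.append({"pid": pid, "chain": chain[::-1]})
                break
    return hits

if __name__ == "__main__":
    for hit in find_office_autohotkey_chains(SAMPLE_EVENTS.splitlines()):
        print("ALERT pid=%d chain=%s" % (hit["pid"], " -> ".join(hit["chain"])))
```

The AutoHotkey instance started from explorer.exe is not flagged, so ordinary use of the tool does not raise an alert.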

TeamViewer is often used for remote PC access. However, due to its capabilities, the software is also used by fraudsters to gain access to remote systems.

The malicious part with the TeamViewer DLL gave the attackers modified functionality, including hiding every TeamViewer connection. So victims didn't know someone was logged into their computer.

The main targets of this attack, as mentioned above, were public financial sector bodies, and according to the researchers the would-be hacker was Russian.


Written by giorgos
