TeamSpy malware: turning TeamViewer into an espionage tool

According to security company Heimdal, a new spam campaign appeared over the weekend, carrying the TeamSpy malware. This malware can give attackers full access to a computer through TeamViewer.

TeamSpy is not new malware. It has existed since 2013, and back then it had access to countless computers.

This time the attackers use social engineering techniques and take advantage of users' carelessness to trick them into installing the TeamSpy malware.

How it works:

The malware arrives as a zip attachment in emails from a fake address. The zip contains an .exe file which, if you run it, infects your computer with TeamSpy by means of a malicious DLL file. According to the company that discovered them, the emails carrying the malware had the subject "eFax message from" 1408581 **.
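A mail-gateway triage check for the delivery chain described above (a zip attachment carrying an executable), as an added example that is not code from Heimdal or from the original article. The function names, the extension list and the sample message are assumptions constructed for illustration; the subject prefix is the one quoted above and is reported only as a hint, since the quarantine decision rests on the archive contents.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions treated as directly executable on Windows (assumed list, extend as needed).
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".dll")
SUBJECT_MARKER = "efax message from"  # subject prefix reported on the page

def triage(raw: bytes) -> dict:
    """Return the subject match and any executable members found inside zip attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    hits = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        # Trust the content, not the filename or MIME type: zip data starts with "PK".
        if not payload.startswith(b"PK"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for name in zf.namelist():
                    if name.lower().endswith(EXECUTABLE_EXTS):
                        hits.append((part.get_filename(), name))
        except zipfile.BadZipFile:
            # A "zip" that cannot be inspected is held rather than delivered.
            hits.append((part.get_filename(), "<unreadable archive>"))
    return {
        "subject_match": SUBJECT_MARKER in subject.lower(),
        "executables": hits,
        "quarantine": bool(hits),
    }

def build_sample() -> bytes:
    """Constructed message: harmless placeholder bytes stand in for the .exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Fax_message.exe", b"placeholder, not a real binary")
    msg = EmailMessage()
    msg["From"] = "fax@sender.example"
    msg["Subject"] = "eFax message from 0000000 (constructed)"
    msg.set_content("You have received a fax.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Fax_message.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```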

The malware installs a legitimate version of TeamViewer on its victims' computers and then changes its behavior through a hacked DLL in order to stay hidden.

“TeamSpy malware includes various elements from the legitimate TeamViewer application. A keylogger and a TeamViewer VPN are two of these components,” say Heimdal researchers.

All logs are copied to a file. These include all available usernames and passwords. The file is immediately sent to a C&C server.

This attack can bypass two-factor authentication. At present the malware's detection ratio is very low (15/58), which means that only 15 antivirus products are able to detect it.

This can be explained by the fact that the attack is only just beginning. So it is a good idea to be careful with the emails you receive and not to download files that do not look trustworthy.

