According to security firm Heimdal, a new spam campaign appeared over the weekend, carrying the malware TeamSpy. The specific malware which can give the hackers full access to a computer via Teamviewer.
TeamSpy is not a new kind of malware. In fact, it was from 2013, and then it had access to countless computers.
Αυτή τη φορά οι επιτιθέμενοι χρησιμοποιούν τεχνικές social engineering και εκμεταλλευόμενοι την απροσεξία των χρηστών τους ξεγελούν για να εγκαταστήσουν malicious TeamSpy software.
How does it work:
Malware comes as a .zip file in an email from a fake address. The zip contains an .exe file that if you run it with TeamSpy will infect your computer with a malicious DLL file. The emails contained in the malware according to the company that discovered them had the subject "eFax message from" 1408581 **. "
Malware will install a legitimate version of TeamViewer on his victim's computers and then change the behavior of the hacked DLL to remain hidden.
“The TeamSpy malware includes various elements from the legitimate TeamViewer application. A keylogger and TeamViewer VPN are two of those items,” they say researchers of Heimdal.
All logs are copied to one file. These include all available usernames and passwords. The file is then sent to a C&C server.
This attack can bypass the authentication of two factors. Currently, the malware detection ratio is very low (15 / 58), which means that only 15 virus software is able to detect it.
This can be explained why it is the beginning of the attack. So it would be good to watch out for the emails you receive and not download files that do not look trustworthy.
