According to security firm Heimdal, a new spam campaign appeared over the weekend, carrying the malicious TeamSpy software. This malware can give attackers full access to a computer via TeamViewer.
TeamSpy is not a new kind of malware. In fact, it dates from 2013, when it gained access to countless computers.
This time the attackers use social engineering techniques and take advantage of users' carelessness to trick them into installing the TeamSpy malware.
How it works:
The malware arrives as a .zip file attached to an email from a fake address. The zip contains an .exe file that, if run, will infect your computer with TeamSpy through a malicious DLL file. The emails containing the malware, according to the company that discovered them, had the subject line “eFax message from “1408581 **.”
The malware installs a legitimate version of TeamViewer on the victim's computer and then uses the hacked DLL to change its behavior so that it remains hidden.
“TeamSpy malware contains various elements from the legitimate TeamViewer application. A keylogger and TeamViewer VPN are two of these components,” say Heimdal researchers.
All logs are copied to one file. These include all available usernames and passwords. The file is immediately sent to a C&C server.
This attack can bypass two-factor authentication. Currently, the malware detection ratio is very low (15 / 58), which means that only 15 of the 58 antivirus products are able to detect it.
This can be explained by the fact that the attack is just beginning. So it would be good to watch out for the emails you receive and not download files that do not look trustworthy.