According to the company security Heimdal, μια νέα εκστρατεία spam εμφανίστηκε τη διάρκεια του Σαββατοκύριακου, που φέρει το κακόβουλο λογισμικό TeamSpy. Το συγκεκριμένο malware οποία μπορεί να δώσει στους hackers πλήρη πρόσβαση σε έναν computer via Teamviewer.
TeamSpy is not a new kind of malware. In fact, it was from 2013, and then it had access to countless computers.
This time, attackers use social engineering techniques and, exploiting the inexperience of their users, are tricked into installing malware TeamSpy.
How does it work:
The malware comes as a .zip file inside an email from a spoof address. The zip contains an .exe file that if run will infect TeamSpy your computer with a malicious DLL file. The emails containing the malware, according to the company that discovered them, had the subject line “eFax message from “1408581 **.”
Malware will install a legitimate version of TeamViewer on his victim's computers and then change the behavior of the hacked DLL to remain hidden.
“The TeamSpy malware includes various elements from the legitimate TeamViewer application. A keylogger and TeamViewer VPN are two of those items,” they say researchers of Heimdal.
All logs are copied to one file. These include all available usernames and passwords. The file is then sent to a C&C server.
This attack can bypass the authentication of two factors. Currently, the malware detection ratio is very low (15 / 58), which means that only 15 virus software is able to detect it.
This can be explained why it is the beginning of the attack. So it would be good to watch out for the emails you receive and not download files that do not look trustworthy.