According to security company Heimdal, a new spam campaign carrying the TeamSpy malware appeared over the weekend. This malware can give hackers full access to a computer via TeamViewer.
TeamSpy is not a new kind of malware. In fact, it dates from 2013, when it gained access to countless computers.
This time, the attackers use social engineering techniques and, exploiting users' inexperience, trick them into installing the TeamSpy malware.
How it works:
The malware arrives as a .zip file in an email from a fake address. The zip contains an .exe file which, if you run it, will infect your computer with TeamSpy by means of a malicious DLL file. According to the company that discovered them, the emails carrying the malware had the subject "eFax message from 1408581**".
The malware installs a legitimate version of TeamViewer on the victim's computer and then changes its behavior by means of the hacked DLL so that it remains hidden.
“The TeamSpy malware includes several components from the legitimate TeamViewer application. A keylogger and TeamViewer VPN are two of these components,” the Heimdal researchers report.
All logs are copied to one file. These include all available usernames and passwords. The file is immediately sent to a C&C server.
This attack can bypass two-factor authentication. Currently the detection ratio for the malware is very low (15/58), which means that only 15 antivirus products are able to detect it.
This can be explained by the fact that the attack is only just beginning. So it is a good idea to be careful with the emails you receive and not to download files that do not look trustworthy.