A new targeted attack has been detected that abused TeamViewer and aimed to steal financial information from government and financial targets across Europe and beyond.
Check Point researchers announced on Monday that the attacks targeted government and financial officials, as well as representatives of various embassies in Europe, Nepal, Kenya, Liberia, Lebanon, Guyana and Bermuda.
The attack began with a typical phishing e-mail containing a malicious attachment claiming to be a "top secret" document from the United States.
The subject line stated "Military Financing Program" and the .XLSM document bore the US State Department logo.
If someone opened the document and enabled macros, two files were written out: a normal AutoHotkeyU32.exe program and a malicious TeamViewer DLL.
AutoHotkeyU32 was used to send a POST request to the intruder's command and control (C&C) server, and also to download more malicious scripts capable of capturing screenshots of the target computer, stealing information, and sending it to the attacker.
TeamViewer is often used by businesses for remote access to computers. However, because of its capabilities, the software is also used by fraudsters to gain access to remote systems.
In the malicious variant, the attackers had modified the functionality of the TeamViewer DLL, including hiding every TeamViewer connection, so victims did not know someone was logged into their computer.
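The chain described above (an Office document writing an AutoHotkey binary and a DLL to disk, which are then run and loaded) can be hunted for in endpoint telemetry. The following is an added example, not code from the Check Point research: the event schema, file paths and DLL name are constructed assumptions, not indicators from the campaign.

```python
from pathlib import PureWindowsPath

OFFICE = {"excel.exe", "winword.exe", "powerpnt.exe"}
BINARY_EXT = {".exe", ".dll"}

def base(path):
    return PureWindowsPath(path).name.lower()

def detect(events):
    """Correlate file writes by Office with later execution or DLL loads."""
    dropped = set()   # lower-cased paths of binaries written by an Office process
    alerts = []
    for ev in events:
        if ev["type"] == "file_create" and base(ev["image"]) in OFFICE:
            target = ev["target"].lower()
            if PureWindowsPath(target).suffix in BINARY_EXT:
                dropped.add(target)
                alerts.append(("office_dropped_binary", target))
        elif ev["type"] == "process_create":
            image = ev["image"].lower()
            if image in dropped:
                alerts.append(("dropped_binary_executed", image))
            elif base(image).startswith("autohotkey") and base(ev["parent"]) in OFFICE:
                alerts.append(("office_spawned_autohotkey", image))
        elif ev["type"] == "image_load" and ev["loaded"].lower() in dropped:
            alerts.append(("dropped_dll_loaded", ev["loaded"].lower()))
    return alerts

# Constructed sample events (hypothetical schema and paths, for illustration only).
D = r"C:\Users\u\AppData\Roaming"
XL = r"C:\Program Files\Microsoft Office\EXCEL.EXE"
SAMPLE = [
    {"type": "file_create", "image": XL, "target": D + r"\AutoHotkeyU32.exe"},
    {"type": "file_create", "image": XL, "target": D + r"\example_tv.dll"},
    {"type": "file_create", "image": XL, "target": D + r"\report.xlsx"},
    {"type": "process_create", "image": D + r"\AutoHotkeyU32.exe", "parent": XL},
    {"type": "process_create", "image": r"C:\Program Files\AutoHotkey\AutoHotkeyU32.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"type": "image_load", "image": D + r"\TeamViewer.exe", "loaded": D + r"\example_tv.dll"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The legitimately installed AutoHotkey started from Explorer and the saved spreadsheet produce no alert; only binaries written by the Office process, and their later use, are flagged.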
The main targets of this attack, as mentioned above, were public financial-sector bodies, and according to the researchers the would-be hacker was Russian.