Filename | TeamSpy Malware Reappears In a Spam Campaign |
Author | Asylum |
Date and Time | 4:39 PM |
The attackers exploit the TeamViewer remote access tool to gain full access to a compromised device. Once downloaded, the malware first targets usernames and passwords and then scans for personal information and pictures, which can be used for a number of illicit activities, including extortion and financial gain, said Heimdal CEO Morten Kjaersgaard.
First, an email from a spoofed address gets the victim to download a zip file, which, once opened, activates the .exe file inside. The TeamSpy code is then dropped onto the victim's computer as a malicious DLL. The emails noticed by the security firm had "eFax message from “1408581 **" as a subject line.
As before, the cybercriminals install a legitimate version of TeamViewer on their victims' computers and then alter its behavior with DLL hijacking to make sure it stays hidden.
The logs are copied to a file, adding all available user names and passwords. The file is continuously sent to a C&C server.
Per the researchers, the TeamSpy malware adds various components to the otherwise legitimate TeamViewer application; two of them are a keylogger and a TeamViewer VPN.
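The delivery chain described above (lure subject, zip attachment, .exe inside) can be screened for at the mail gateway. The following is an added example, not code from the article or from Heimdal; the function names, the extension list and the sample message are assumptions, and only the fixed "eFax message from" prefix of the subject is matched.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Executable extensions worth flagging inside an archive (assumed list).
EXEC_EXT = (".exe", ".scr", ".com", ".pif")
# Lure subject reported in the article; only its fixed prefix is matched.
LURE_SUBJECT = re.compile(r"^\s*eFax message from\b", re.IGNORECASE)

def triage(raw_bytes):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    if LURE_SUBJECT.search(msg.get("Subject", "")):
        findings.append("subject matches eFax lure")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # Trust the zip magic bytes as well as the file name.
        if not (name.endswith(".zip") or data[:4] == b"PK\x03\x04"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()  # names are readable even if encrypted
        except zipfile.BadZipFile:
            findings.append(f"unreadable zip attachment: {name}")
            continue
        for member in members:
            if member.lower().endswith(EXEC_EXT):
                findings.append(f"executable in zip: {name} -> {member}")
    return findings

def build_sample(subject, inner_name):
    """Constructed test message: a zip attachment holding one dummy file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, b"constructed placeholder, not a real binary")
    msg = EmailMessage()
    msg["From"] = "fax@example.com"
    msg["Subject"] = subject
    msg.set_content("You have received a fax.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="fax_message.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in triage(build_sample('eFax message from "0000000"', "fax.exe")):
        print(finding)
```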
via E Hacking News - Latest Hacker News and IT Security News TeamSpy Malware Reappears In a Spam Campaign http://ift.tt/2mAjafq