TeamSpy Malware Reappears In a Spam Campaign

Heimdal Security researchers spotted a new spam campaign carrying the TeamSpy data-stealing malware.

The attackers exploit the TeamViewer remote access tool to gain full access to a compromised device. Once downloaded, the malware first targets usernames and passwords and then scans for personal information and pictures, which can be used for a number of illicit activities, including extortion and financial gain, said Heimdal CEO Morten Kjaersgaard.

First, an email from a spoofed address gets the victim to download a zip file; opening it runs the .exe file inside. The TeamSpy code is then dropped onto the victim's computer as a malicious DLL. The emails noticed by the security firm had "eFax message from “1408581 **" as a subject line.

As before, the cybercriminals install a legitimate version of TeamViewer on their victims' computers and then alter its behavior with DLL hijacking to make sure it stays hidden.

The logs are copied to a file, along with all available usernames and passwords. The file is continuously sent to a command-and-control (C&C) server.

Per the researchers, the TeamSpy malware adds various components to the otherwise legitimate TeamViewer application; two of them are a keylogger and a TeamViewer VPN.
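
A defender-side check for the behavior described above, as an added example that is not part of the original post or Heimdal's report: it scores image-load events (constructed samples using Sysmon Event ID 7 field names) for a TeamViewer process that runs outside its default install directory or loads a system-named or unsigned DLL from its own folder. The DLL name list, install paths and sample events are assumptions, not indicators from this campaign.

```python
import ntpath  # parses Windows paths on any OS

# Assumption: small illustrative set of DLL names that normally load from System32.
# These are not indicators from the TeamSpy report; build the real set from a clean host.
SYSTEM_DLLS = {"version.dll", "msimg32.dll", "avicap32.dll", "winmm.dll"}
# Assumption: default TeamViewer install directories.
STANDARD_DIRS = {r"c:\program files\teamviewer", r"c:\program files (x86)\teamviewer"}

def assess(event):
    """Return the reasons an image-load event looks like TeamViewer DLL hijacking."""
    image = ntpath.normcase(event["Image"])
    loaded = ntpath.normcase(event["ImageLoaded"])
    if ntpath.basename(image) != "teamviewer.exe":
        return []
    reasons = []
    app_dir = ntpath.dirname(image)
    # A copy dropped by malware usually lives in a user-writable directory.
    if app_dir not in STANDARD_DIRS:
        reasons.append("teamviewer-outside-standard-path")
    # DLL search order checks the application directory first, so a DLL placed
    # beside the executable wins over the System32 copy of the same name.
    if ntpath.dirname(loaded) == app_dir:
        if ntpath.basename(loaded) in SYSTEM_DLLS:
            reasons.append("system-dll-shadowed-from-app-dir")
        if event.get("Signed", "false").lower() != "true":
            reasons.append("unsigned-dll-in-app-dir")
    return reasons

def scan(events):
    """Return (loaded_path, reasons) for every event with at least one finding."""
    return [(e["ImageLoaded"], r) for e in events if (r := assess(e))]

# Constructed sample events (field names follow Sysmon Event ID 7, "Image loaded").
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\TeamViewer\TeamViewer.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll", "Signed": "true"},
    {"Image": r"C:\Program Files\TeamViewer\TeamViewer.exe",
     "ImageLoaded": r"C:\Program Files\TeamViewer\tv_component.dll", "Signed": "true"},
    {"Image": r"C:\Users\alice\AppData\Roaming\tv\TeamViewer.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Roaming\tv\msimg32.dll", "Signed": "false"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Windows\System32\msimg32.dll", "Signed": "true"},
]

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_EVENTS):
        print(path, "->", ", ".join(reasons))
```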