That library then recorded via C: \ Windows \ system32 \ regsvr32. This causes for the malicious TeamSpy code to be dropped onto the victim’s computer, as a malicious DLL: The attached file is a zip file, which, when opened, triggers the accompanying. In this case, the online criminals seek to gain complete control of the infected PC and gather confidential information from it, without raising suspicion that the computer is exposed.įirst, the victim receives a spam email with the following contents: The malicious technique used is DLL hijacking, which tricks a legitimate software program to perform unauthorized actions. This current attack relies on social engineering and careless use to trick victims into installing the TeamSpy malware. How TeamSpy compromises the targeted computersįirst of all, we have to mention that TeamViewer has not been compromised and is entirely safe to use, just as it was in 2016, when attackers leveraged reused passwords to plunder bank and Paypal accounts. As part of the attackers’ activities is based on misusing the TeamViewer remote access tool, we named the entire malicious toolkit TeamSpy. Many of the victims appear to be ordinary users, but some of the victims are high-profile industrial, research, or diplomatic targets, including the case that triggered our investigation. It seems that the main objective of the attackers was information gathering from the infected computers. The report from 3 years ago mentions that: The last time that TeamSpy made the news was in 2013, when a nearly 10 years long cyber espionage operation was uncovered. A new spam campaign emerged over the weekend, carrying the TeamSpy data-stealing malware, which can give cybercriminals full access to a compromised computer.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |