Researchers believe the trojanized version of TeamViewer is being spread by a Russian speaking hacker.

by Cyber360 News
November 11, 2019
in Malware

The latest report from Check Point reveals that multiple embassies in Europe were targeted with a trojanized version of TeamViewer. The embassies affected in the latest wave of attacks include Nepal, Lebanon, Italy, Kenya, Liberia, Guyana, and Bermuda.

According to Check Point’s investigation, a hacker using the alias EvaPiks is responsible for single-handedly carrying out the targeted malware attacks on embassies. TeamViewer is a remote desktop sharing and remote access tool that is widely used around the world. The motive behind the attacks is still unclear, but researchers believe that financial theft could be the primary objective.

The research further revealed that the alleged hacker has links with Russian-speaking groups because of the Cyrillic artifacts used. The attacks reportedly started on 1st April, and multiple embassies have been targeted since then. Check Point’s threat intelligence group manager Lotem Finkelsteen stated that:

“The targets were victimized that day, and then the threat actors moved step by step through a multistaged infection chain to further stages until they gained full remote access to the infected devices.”

In this campaign, the trojanized TeamViewer is delivered through an XLSM document containing malicious macros, disguised as a classified US government document and sent via an email titled “Military Financing Program.” The file has been carefully crafted and bears the authentic logo of the US Department of State, while the file itself is marked “top secret.”

Document used by hackers to spread the malware – Image credit: Check Point

Users must disable macros!

As soon as the macros are enabled, two files are extracted from the XLSM document’s encoded cells. One of the files is an authentic AutoHotkey program, while the other is an infected version of the file that creates a connection with the C&C server to download and execute the malware-bearing version of TeamViewer. When this file is executed, the attacker can establish remote access on the infected device.
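For defenders triaging attachments, the two traits described above (a VBA project plus binaries stored as encoded cell text) can be checked without opening the file in Excel. The following is an added example, not code from Check Point or the original article; the 200-character threshold, the size cap and the sample workbooks are assumptions constructed for the demonstration.

```python
import io, re, zipfile
import xml.etree.ElementTree as ET

NS = "{http://schemas.openxmlformats.org/spreadsheetml/2006/main}"
# A long unbroken hex or base64 run is how a binary is usually stored as cell text.
ENCODED = re.compile(r"^(?:[0-9A-Fa-f]{200,}|[A-Za-z0-9+/]{200,}={0,2})$")
MAX_PART = 20 * 1024 * 1024  # assumed cap: skip oversized parts (zip-bomb guard)

def triage_workbook(data: bytes) -> dict:
    """Report VBA presence and cells that hold long encoded strings."""
    report = {"has_vba": False, "macro_content_type": False, "encoded_cells": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if name.lower().endswith("vbaproject.bin"):
                report["has_vba"] = True
            if info.file_size > MAX_PART:
                continue
            if name == "[Content_Types].xml":
                report["macro_content_type"] = b"macroEnabled" in zf.read(name)
            if name.startswith("xl/worksheets/") or name == "xl/sharedStrings.xml":
                # For real mail attachments use a hardened XML parser here.
                root = ET.fromstring(zf.read(name))
                for el in root.iter():
                    # <t> = shared/inline string text, <v> = literal cell value
                    text = (el.text or "").strip()
                    if el.tag in (NS + "t", NS + "v") and ENCODED.match(text):
                        report["encoded_cells"].append((name, len(text)))
    report["suspicious"] = report["has_vba"] and bool(report["encoded_cells"])
    return report

def build_sample(with_macro: bool) -> bytes:
    """Constructed workbook for the demo; the cell content is harmless filler."""
    cell = "AB" * 150 if with_macro else "Budget 2019"
    kind = ("vnd.ms-excel.sheet.macroEnabled.main+xml" if with_macro
            else "vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml")
    sheet = ('<worksheet xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">'
             f'<sheetData><row><c t="inlineStr"><is><t>{cell}</t></is></c></row>'
             '</sheetData></worksheet>')
    types = ('<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
             f'<Override PartName="/xl/workbook.xml" ContentType="application/{kind}"/></Types>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", types)
        zf.writestr("xl/worksheets/sheet1.xml", sheet)
        if with_macro:
            zf.writestr("xl/vbaProject.bin", b"constructed placeholder, not real VBA")
    return buf.getvalue()
```

A workbook flagged `suspicious` is a candidate for quarantine and manual review; macros alone are common in legitimate spreadsheets, which is why the check requires both signals.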

Furthermore, the infected version of TeamViewer can download and execute additional commands such as the command to hide the TeamViewer interface to deceive the user or to transfer session credentials to a text document.

Infection chain of the malware – Image credit: Check Point

Check Point researchers suggest in their blog post that, considering the victims targeted and the multi-stage nature of the campaign, it is quite possible that either nation-sponsored hackers or some very sophisticated cybercriminals are involved.

“…We wonder whether he joined others to carry [these] attacks, or he just tunneled others’ attack through his successful infection chain,” said Finkelsteen.

In every attack, the targets were selected quite carefully, and each individual was connected to the government’s revenue-related responsibilities or the financial sector. However, so far there is no evidence of the attacker trying to access the targeted governments’ bank accounts.

Therefore, the other motive behind the attack could be cyber espionage. Researchers currently aren’t ruling out geopolitical motives as the main reason behind the attacks either. Nevertheless, users must disable macros, use a reliable anti-virus program and keep their systems updated.
