TeamViewer is a file-sharing and communication program that also lets IT teams remotely access devices of enterprise employees. Unfortunately, its power as an enterprise tool also makes it popular for cybercriminals, and TeamViewer has, in fact, been used in a range of cybercriminal operations from account abuse hacking to phishing schemes.

Recently, we investigated another case of misuse. On January 20, a security researcher going by FewAtoms spotted a malicious URL in the wild. The URL is an open directory that leads would-be victims to a malicious self-extracting archive. Upon further analysis of the archive, we found that it is trojan spyware (detected by Trend Micro as ) that gathers and steals data disguised as TeamViewer.

If successfully downloaded and executed on a victim’s device, the trojan spy creates the folder %User Temp%\PmIgYzA and drops the following files:

- %User Temp%\PmIgYzA\TV.dll (malicious payload)
- %User Startup%\Gateway Layer 1.3957.lnk (shortcut link to dropped TeamViewer.exe)
- %User Temp%\PmIgYzA\TeamViewer_Resource_fr.dll

(Note: %User Temp% is the current user's Temp folder. %User Startup% is the current user's Startup folder.)

Figure 2.

This type of TeamViewer misuse is not new. Malware developers have been known to use the tool to deliver backdoors and keyloggers in a similar way as far back as 2016. We saw that the tool was trojanized by adding a malicious DLL to a legitimate version to be loaded onto a victim’s device. In 2017, a published report also showed how TeamViewer was being used to control an infected machine, not merely as a malware loader.

Given the possibilities of abuse and the recent schemes to deliver malware disguised as legitimate software, users should secure their endpoints with multilayered protection. The following Trend Micro products can protect users from this threat: Trend Micro™ Security, Smart Protection Suites.

The malware described in this article is not the official TeamViewer software. It is a modified, pirated version of the software. It is strongly recommended to download the software only from the official TeamViewer website.
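A triage check for the dropped files listed in this article, as an added example that is not part of the original write-up or any Trend Micro tooling. The folder and file names are taken from the article; mapping %User Temp% to `$env:TEMP` and %User Startup% to the current user's Startup folder, and the broader check for any Startup shortcut that targets the Temp folder, are assumptions that go beyond the specific sample.

```powershell
# Added example: run as the user being triaged. Read-only; nothing is deleted.
$tempDir    = $env:TEMP                                # "%User Temp%" (assumed mapping)
$startupDir = [Environment]::GetFolderPath('Startup')  # "%User Startup%" (assumed mapping)
$dropDir    = Join-Path $tempDir 'PmIgYzA'             # folder name from the article

# Exact paths named in the article.
$articlePaths = @(
    (Join-Path $dropDir    'TV.dll'),
    (Join-Path $dropDir    'TeamViewer_Resource_fr.dll'),
    (Join-Path $startupDir 'Gateway Layer 1.3957.lnk')
)

$findings = New-Object System.Collections.Generic.List[object]

# 1. Report each article path that exists, with hash and signature status
#    so the file can be compared against vendor intelligence.
foreach ($path in $articlePaths) {
    if (Test-Path -LiteralPath $path) {
        $item = Get-Item -LiteralPath $path -Force
        $findings.Add([pscustomobject]@{
            Check     = 'ArticlePath'
            Path      = $item.FullName
            Target    = ''
            Created   = $item.CreationTimeUtc
            SHA256    = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
            Signature = (Get-AuthenticodeSignature -LiteralPath $item.FullName).Status
        })
    }
}

# 2. Generalization: any Startup shortcut whose target lives under the Temp
#    folder, the persistence pattern the article describes, whatever its name.
#    Note: an 8.3 short-form TEMP path is not normalised here.
$shell = New-Object -ComObject WScript.Shell
Get-ChildItem -LiteralPath $startupDir -Filter '*.lnk' -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $target = $shell.CreateShortcut($_.FullName).TargetPath
        if ($target -and $target.StartsWith($tempDir, [StringComparison]::OrdinalIgnoreCase)) {
            $findings.Add([pscustomobject]@{
                Check     = 'StartupLnkToTemp'
                Path      = $_.FullName
                Target    = $target
                Created   = $_.CreationTimeUtc
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                Signature = ''
            })
        }
    }

if ($findings.Count -eq 0) { 'No matching artifacts found for this user.' }
else { $findings | Format-List }
```

The random-looking folder name may differ between samples, so a clean result on the exact paths does not rule out a related variant; the second check covers that case.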