TeamSpy Malware Returns to Steal Data

Uploaded on 2017-04-13 in TECHNOLOGY--Hackers, NEWS-News Analysis, GOVERNMENT-Law Enforcement, FREE TO VIEW

A new spam campaign has recently emerged, carrying the TeamSpy data-stealing malware, which can give cyber-criminals full access to a compromised computer.

According to Heimdal Security, many of the victims appear to be ordinary users, but some of the victims are high-profile industrial, research or diplomatic targets.

Part of the attackers’ activities is based on misusing the legitimate TeamViewer remote access tool, including a keylogger and a TeamViewer VPN.

The current attack relies on social engineering and careless use to trick victims into installing the TeamSpy malware. The malicious technique used is DLL hijacking, which tricks a legitimate software program to perform unauthorised actions.

First, the victim receives a spam email claiming to have an “eFax” attached. When opened, the file triggers the accompanying .exe file to be activated. This causes the malicious TeamSpy code to be dropped onto the victim’s computer, as a malicious DLL.

From there, a TeamViewer session started by the attackers will be invisible to the victim. This can lead to numerous forms of abuse against the services that the logged-in user runs on his/her computer. 

The attack can also circumvent two-factor authentication and can also give cyber-criminals access to encrypted content which is unencrypted by the users on their compromised computers.

“We highly recommend that you carefully analyse unwanted emails that you receive and that you don’t download email attachments from unknown senders,” said Andra Zaharia, security evangelist at Heimdal, in an analysis. “Malware can disguise itself in many forms on the web, and all it takes is one click to trigger an infection.”

Infosecurity Magazine

ENISA’s Threat Rankings: From Malware To Cyber Spies:

New Malware Hides In Memory:

 

 

« Ransomware 'customer support' Chat Reveals Criminals' Ruthlessness
Zello Protest App Blocked in Russia »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CLUSIL

CLUSIL

CLUSIL is an association for the information security industry in Luxembourg.

National Institute of Information and Communications Technology (NICT)

National Institute of Information and Communications Technology (NICT)

NICT is Japan’s sole National Research and Development Agency specializing in the field of information and communications technology.

DomainTools

DomainTools

DomainTools helps security analysts turn threat data into threat intelligence.

Ravelin Technology

Ravelin Technology

Ravelin prevents chargebacks, fraud, and account takeover. Machine learning and human insight combine for highly accurate fraud detection and prevention.

CyberFortress

CyberFortress

CyberFortress is an insuretech startup offering a new kind of online business interruption policy designed for small business.

Salient Law

Salient Law

Salient Law is a virtual law firm that specialises in advising providers and users of technology on contracts involving technology.

Findcourses.co.uk

Findcourses.co.uk

Findcourses is a dedicated education search engine designed to make it easy for our learners to search and find exactly what they need from our community of trusted training providers.

Aujus Cybersecurity

Aujus Cybersecurity

Aujas is a pure-play cyber security services company with deep expertise in Identity and Access Management, Managed Security and Security Testing services.

Intechtel

Intechtel

Intechtel is a cyber security company, in addition to providing other internet, technology and telephone services.

Apptega

Apptega

Apptega is an award-Winning Cybersecurity and Compliance Platform. Our mission is to make cybersecurity and compliance easy for everyone.

4Securitas

4Securitas

4Securitas is an innovative cyber security firm focused on protecting critical data at the core of every organisation.

NI Cyber Security Centre

NI Cyber Security Centre

NI Cyber Security Centre works to make Northern Ireland cyber safe, secure and resilient for its citizens and businesses.

Redpoint Security

Redpoint Security

Redpoint Security is an application security consulting firm that is focused on all aspects of code security.

RedLegg

RedLegg

RedLegg is a master provider of information security services, a boutique, nimble, old-fashioned customer service company that enjoys the technology battlefield.

HiddenLayer

HiddenLayer

HiddenLayer is a provider of security solutions for machine learning algorithms, models and the data that power them.

Custard Technical Services

Custard Technical Services

Custard provide Network Security for all types of businesses across many industries, helping to keep them safe and secure.