TeamSpy Malware Returns to Steal Data

A new spam campaign has recently emerged, carrying the TeamSpy data-stealing malware, which can give cyber-criminals full access to a compromised computer.

According to Heimdal Security, many of the victims appear to be ordinary users, but some of the victims are high-profile industrial, research or diplomatic targets.

Part of the attackers’ activities is based on misusing the legitimate TeamViewer remote access tool, including a keylogger and a TeamViewer VPN.

The current attack relies on social engineering and careless use to trick victims into installing the TeamSpy malware. The malicious technique used is DLL hijacking, which tricks a legitimate software program to perform unauthorised actions.

First, the victim receives a spam email claiming to have an “eFax” attached. When opened, the file triggers the accompanying .exe file to be activated. This causes the malicious TeamSpy code to be dropped onto the victim’s computer, as a malicious DLL.

From there, a TeamViewer session started by the attackers will be invisible to the victim. This can lead to numerous forms of abuse against the services that the logged-in user runs on his/her computer. 

The attack can also circumvent two-factor authentication and can also give cyber-criminals access to encrypted content which is unencrypted by the users on their compromised computers.

“We highly recommend that you carefully analyse unwanted emails that you receive and that you don’t download email attachments from unknown senders,” said Andra Zaharia, security evangelist at Heimdal, in an analysis. “Malware can disguise itself in many forms on the web, and all it takes is one click to trigger an infection.”

Infosecurity Magazine

ENISA’s Threat Rankings: From Malware To Cyber Spies:

New Malware Hides In Memory:

 

 

« Ransomware 'customer support' Chat Reveals Criminals' Ruthlessness
Zello Protest App Blocked in Russia »

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cyber Security Service Supplier Directory

Cyber Security Service Supplier Directory

Free Access: Cyber Security Service Supplier Directory listing 5,000+ specialist service providers.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Sonatype

Sonatype

Sonatype protects the world's enterprise software from security, compliance, licensing risks, while reducing application development and deployment time.

National Cyber Directorate

National Cyber Directorate

The Israeli National Cyber Directorate provides incident handling services for civilian entities and critical infrastructures and works to increase national resilience against cyber threats.

Cognizant

Cognizant

Cognizant offer services and solutions for IT Infrastructure Security, Enterprise Mobility and Internet of Things.

Authorize.Net

Authorize.Net

Authorize.Net is a Payment Gateway which provides the complex infrastructure and security necessary to ensure fast, reliable and secure transactions.

Rogue Wave Software

Rogue Wave Software

At Rogue Wave, our mission is to simplify your hardest problems, improve software quality and security, and shorten the time it takes to deliver value.

MASS

MASS

MASS provides world-class capabilities in electronic warfare operational support, cyber security, information management, support to military operations and law enforcement.

Simply Hired

Simply Hired

Simply Hired is a job search engine that collects job listings from all over the web, including company career pages, job boards and niche job websites.

ShorePoint

ShorePoint

ShorePoint helps customers focus on visibility, analytics and context to make timely and informed risk-based decisions to protect their infrastructure.

InFront Compliance

InFront Compliance

InFront is a next-gen online assessment and reporting platform focused on reducing risk and simplifying compliance.