TeamSpy Malware Returns to Steal Data

Uploaded on 2017-04-13 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

A new spam campaign has recently emerged, carrying the TeamSpy data-stealing malware, which can give cyber-criminals full access to a compromised computer.

According to Heimdal Security, many of the victims appear to be ordinary users, but some of the victims are high-profile industrial, research or diplomatic targets.

Part of the attackers’ activities is based on misusing the legitimate TeamViewer remote access tool, including a keylogger and a TeamViewer VPN.

The current attack relies on social engineering and careless use to trick victims into installing the TeamSpy malware. The malicious technique used is DLL hijacking, which tricks a legitimate software program to perform unauthorised actions.

First, the victim receives a spam email claiming to have an “eFax” attached. When opened, the file triggers the accompanying .exe file to be activated. This causes the malicious TeamSpy code to be dropped onto the victim’s computer, as a malicious DLL.

From there, a TeamViewer session started by the attackers will be invisible to the victim. This can lead to numerous forms of abuse against the services that the logged-in user runs on his/her computer. 

The attack can also circumvent two-factor authentication and can also give cyber-criminals access to encrypted content which is unencrypted by the users on their compromised computers.

“We highly recommend that you carefully analyse unwanted emails that you receive and that you don’t download email attachments from unknown senders,” said Andra Zaharia, security evangelist at Heimdal, in an analysis. “Malware can disguise itself in many forms on the web, and all it takes is one click to trigger an infection.”

Infosecurity Magazine

ENISA’s Threat Rankings: From Malware To Cyber Spies:

New Malware Hides In Memory:

 

 

« Ransomware 'customer support' Chat Reveals Criminals' Ruthlessness
Zello Protest App Blocked in Russia »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

2|SEC Consulting (2-SEC)

2|SEC Consulting (2-SEC)

At 2|SEC Consulting, we deliver an end-to-end service of cyber and information security solutions which are tailored to each client’s exact security needs.

Tendo Solutions

Tendo Solutions

Tendo Solutions provides intelligence, security, forensics and risk solutions to clients across different sectors and jurisdictions.

Get Cyber Safe

Get Cyber Safe

Get Cyber Safe is a national public awareness campaign created to educate Canadians about Internet security and the simple steps they can take to protect themselves online.

Promon

Promon

Promon is an application security vendor providing Self-Protection abilities to Mobile apps and Desktop applications.

Modux

Modux

Modux focus on a number of core competencies across cyber security including; cyber intelligence & analytics, penetration testing and training.

Metrarc

Metrarc

Metrarc has developed a ground-breaking technology called ICMetrics™ for deriving secure encryption keys from the properties of digital systems without the need to store any of the encryption keys.

DAkkS

DAkkS

DAkkS is the national accreditation body for Germany. The directory of members provides details of organisations offering certification services for ISO 27001.

Cytellix

Cytellix

Cytellix is an industry-standards-based, managed cybersecurity service provider, specializing in proactive behavioral analytics and situational awareness of an organization’s cyber posture.

DKBInnovative

DKBInnovative

DKBinnovative is a best-practice driven IT management firm that provides secure, reliable IT solutions to productivity-focused clients around the globe.

Guardian Digital

Guardian Digital

Guardian Digital makes email safe for business. Threat-ready business email protection. Fully supported.

IoTeX

IoTeX

Building the connected world. IoTeX is a fast, secure, and decentralized platform that connects real world devices/data to the blockchain.

SignalFire

SignalFire

SignalFire invest across both enterprise and consumer sectors at the seed and early growth stages.

Davinsi Labs

Davinsi Labs

Davinsi Labs helps companies achieve Digital Service Excellence with specialized Security Intelligence and Service Intelligence solutions.

Lineaje

Lineaje

Lineaje solves critical Software Supply Chain security problems faced by every organization that builds, uses or sells software.

Anch.AI

Anch.AI

Anch.AI is an Ethical AI Governance platform that helps you comply with EU regulations and avoid risks and penalties when developing and using AI as part of your business.

USX Cyber

USX Cyber

USX Cyber was founded on the idea that small and medium businesses deserve and require the same level and sophistication of cyber protection as large enterprises.

Anjolen

Anjolen

Anjolen provides expertise in cybersecurity, compliance and cyber forensic services.

Corgea

Corgea

Corgea is AI-powered security platform that finds, triages and fixes your insecure code.