

Analyzing TeamSpy, malware that gives hackers complete remote control of PCs.

TeamViewer, a remote control program, can be very handy when you need remote IT support. The cybercriminals behind TeamSpy, unfortunately, also find the tool quite useful and use it to carry out malicious activity.

TeamSpy infects computers by tricking people into downloading a malicious attachment and enabling macros. After that, the malware silently installs TeamViewer, giving the cybercriminals full control of the infected computer.

TeamSpy first appeared back in 2013, which is when CrySyS Lab and Kaspersky Lab published white papers about its operation. Heimdal Security recently reported that the malware has resurfaced with a targeted spam campaign. We too have seen an uptick and have therefore decided to take a closer look.

Most malware communicates with a command and control (C&C) server after infecting a device. As the name suggests, a C&C server is the control center that sends out commands for the malware to carry out; it is also where the malware sends back the data it collects. For this communication, malware authors usually implement a custom protocol. Such a protocol has a recognizable signature, which makes it easy to spot, distinguish from other traffic and block with antivirus solutions. To make detection harder, some malware authors instead abuse popular remote control programs like TeamViewer, riding on the program's own relay/VPN network so that the traffic between the malware and its C&C servers blends in with legitimate remote-support sessions.

TeamSpy is spread via spam emails designed to trick people into opening an attachment. The attachment is an Excel file with macros. When the attachment is opened, the following screen appears:

When the targeted person enables the macros, the infection process begins, running completely in the background so the victim notices nothing.

If we look inside the malicious macro, we can see slightly obfuscated strings, usually split into several substrings that are later concatenated. The most important pieces, circled in red below, are a link from which a payload is downloaded and a password that will be used later. The link points to a legitimate Russian service for uploading and sharing files.
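The string-splitting trick described above is cheap to undo statically. As an added example (this is not code from the original post, nor the real TeamSpy macro), the Python script below folds chains of VBA string literals and Chr() calls joined with "&" back into single strings and flags any that look like URLs. The macro text it runs on is constructed for illustration; the URL, password and file names in it are placeholders.

```python
import re

# Constructed sample in the style described above: split literals joined with "&",
# plus a couple of Chr() calls. NOT the real TeamSpy macro; values are placeholders.
SAMPLE_MACRO = r'''
Sub Auto_Open()
    Dim u As String, p As String
    u = "htt" & "p://exa" & "mple.inva" & "lid/dow" & "nload/f.bin"
    p = "Pa" & "ss" & Chr(119) & Chr(48) & "rd"
    Call Shell(Environ("TEMP") & "\" & "run" & ".exe", 0)
End Sub
'''

# One piece of a concatenation chain: a VBA string literal ("" is an escaped quote)
# or a Chr(n) call. VBA is case-insensitive, hence IGNORECASE below.
PIECE = r'(?:"(?:[^"]|"")*"|Chr\(\s*\d+\s*\))'
PIECE_RE = re.compile(PIECE, re.IGNORECASE)
# A chain: one piece followed by any number of "& piece" continuations.
# Anything else in the chain (e.g. Environ("TEMP")) breaks it, so the folded
# strings come out as fragments around such calls.
CHAIN_RE = re.compile(rf'{PIECE}(?:\s*&\s*{PIECE})*', re.IGNORECASE)


def decode_piece(piece: str) -> str:
    """Turn one literal or Chr() call into the characters it contributes."""
    if piece.startswith('"'):
        return piece[1:-1].replace('""', '"')
    return chr(int(re.search(r'\d+', piece).group()))


def fold_concatenations(vba: str) -> list[str]:
    """Return every literal/Chr() chain in the macro source, folded into one string."""
    folded = []
    for chain in CHAIN_RE.finditer(vba):
        pieces = PIECE_RE.findall(chain.group())
        folded.append(''.join(decode_piece(p) for p in pieces))
    return folded


def find_urls(strings: list[str]) -> list[str]:
    """Pick out folded strings that look like download links."""
    return [s for s in strings if re.match(r'https?://', s, re.IGNORECASE)]


if __name__ == "__main__":
    recovered = fold_concatenations(SAMPLE_MACRO)
    for s in recovered:
        print(repr(s))
    print("URLs:", find_urls(recovered))
```

Run against a real dumped macro (for example the VBA source extracted with olevba), the folded strings are the first place to look for the download link and the password the post refers to. Chains broken by function calls such as Environ() come out as fragments, which is expected; a fuller deobfuscator would also resolve variables assigned from such chains and reused later.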
