When activated, the Trojan can provide remote access as well as act as a proxy to transfer commands from the C&C to another machine on the LAN. The virus uses base64 encryption and uses an advanced technique to hide its session from the users. The Trojan's main payload is injected in avicap32.dll. The dropper pretends to be an Adobe player upgrade and installs the BackDoor.TeamViewer.49 Trojan on the affected computer. The Trojan is delivered by Trojan.MulDrop6.39120, discovered in the beginning of May 2016. Even though the Trojan is supposed to hide the TeamViewer interface and use its functions in the background, we believe that a mutation of the virus (the virus uses advanced hiding techniques) can create an unpredicted effect on systems with legitimately installed TeamViewer, causing the effect described by users that reported the compromise. The version of the Trojan, BackDoor.TeamViewer.49, utilizes TeamViewer as its backdoor implementation and is delivered by Trojan.MulDrop6.39120 through an Adobe vulnerability. Even users with strong passwords and two-factor authentication enabled on their TeamViewer accounts say they were hit. The signature for the Trojan was added on. In the past 24 hours, we've seen a spike in complaints from people who say their PCs, Macs and servers were taken over via the widely used remote-control tool on their machines. Our Analysis: Even though the situation is still not clear, the Digital Edge Security Team sides with security experts blaming a BackDoor Trojan discovered in May of 2016. We thus send out news and security bulletins such as this one from time to time to ensure that our clients are informed and educated on any important developments in IT security and are fully aware of what we are doing to ensure that we and our clients are always at the Cutting and at the Digital Edge of technology.
In order to achieve this utmost goal for all of our clients, we continuously maintain vigilance both on the productive side of IT as well as on its destructive side. They also confirmed that the reported breach is not in any way connected to another hacking event that happened in May 2016, when TeamViewer users claimed that hackers emptied their bank accounts by exploiting a flaw in the software. Digital Edge is committed to providing the highest levels of security within all the IT infrastructure environments under its care. TeamViewer also mentioned the possibility of some users having unintentionally downloaded and installed programs infected with malware which could have allowed attackers to “virtually do anything with that particular system – depending on how intricate the malware is, it can capture the entire system, seize or manipulate information, and so forth.” This particularly includes the use of the same password across multiple user accounts with various internet services.” However, in their press release, TeamViewer blamed the account hacks reported by its users on “Careless use of account credentials remains to be a key problem for all internet services. In the past 24 hours, we’ve seen a spike in complaints from people who say their PCs, Macs and servers were taken over via the widely used remote-control tool on their machines. On June 1, 2016, TeamViewer issued a press release acknowledging a service outage caused by a denial-of-service attack (DoS) which targeted the TeamViewer DNS server infrastructure. Seeing the hackers were not able to steal any data during the attack, TeamViewer decided not to publish a security breach notification to inform the users of the incident. Once infected, Winnti downloads a backdoor payload on the compromised computers, giving attackers the ability to remotely control the victims’ computers without their knowledge.
It is not a surprise that attackers are targeting TeamViewer, as it is a popular remote-support software that allows you to securely share your desktop or take full control of others’ PCs over the internet, and there are millions of users making use of this service. Well, surprise: it turns out TeamViewer was hacked and just didn’t disclose it. TeamViewer, one of the most popular software products in the world that allows users to access and share their desktops remotely, was reportedly compromised in 2016, says a report. According to the report, hackers of Chinese origin who used the Winnti trojan malware launched the cyber attack, as such activities have previously been found and linked to the Chinese state intelligence system.