TeamSpy hackers get the crew back together after four-year hiatus

Cybercrooks have once again begun slinging malware that subverts elements of the legitimate TeamViewer remote control app to snoop on victims.

The tactic was previously seen in 2013. Attacks typically begin with booby-trapped emails harbouring malicious attachments that pose as eFax messages. If installed, the malicious code uses DLL hijacking to create a backdoor on compromised machines.

The method helps to camouflage spying as well as allowing hackers to snoop on encrypted comms, warns Danish security intelligence firm Heimdal Security.

“Many of the victims appear to be ordinary users, but some are high-profile industrial, research, or diplomatic targets,” explains Heimdal’s Andra Zaharia.

“This attack can also circumvent two-factor authentication and can also give cybercriminals access to encrypted content which is unencrypted by the users on their compromised computers.” ®

Source: The Register – Security @ February 21, 2017 at 06:00AM