This, however, is not the first time when the name of TeamViewer has been misused to spread malware. “Given the possibilities of abuse and the recent schemes to deliver malware disguised as legitimate software, users should secure their endpoints with multilayered protection,” researchers suggested. Trend Micro researchers believed that the URL is part of “a bigger operational campaign of trojan spyware.” Both malware are known for stealing data from the compromised computers however CoinSteal removes itself from the system once the task is completed. The researchers also discovered several other malware linked to the C&C URL including CoinSteal and Fareit. Trend Micro researchers analyzed the archive and discovered a trojan spyware disguising as TeamViewer to collect and steal user data.įurther digging into the archive revealed that once executed the malware also gathers device-related data and send it to control-and-command (C&C) domain (hxxp://intersys32com) which includes username, computer name, operating system, OS architecture, RAM size, whether there is an anti-virus solution installed on the system, and administrator privilege. Hxxp://rosalos.ug/xxx/ #MalwareMustDie /q1e3001ct3 #Malware #InfoSec #CyberSecurity #OpenDir It all started on January 20th when a security researcher going by the Twitter handle of FewAtoms detected a malicious URL containing an open directory leading visitors to a malicious self-extracting archive ( SFX/SEA). Note: It is worth mentioning that the official website of TeamViewer has not been compromised and downloads from it are safe and secure. Recently, the IT security researchers at Trend Micro have uncovered a malware campaign targeting unsuspecting users with a malicious version of TeamViewer. If you’re still wondering how a patch management solution can make a difference in your enterprise, we recommend reading this article and checking out our online demo.TeamViewer is a popular remote control desktop sharing software with more than 1 billion users and that makes it a lucrative target for cyber criminals. Bulletin information For Windows:Īs last month’s Microsoft Office Equation Editor vulnerability shows, hackers can exploit software vulnerabilities faster than you might think. Don’t leave your enterprise vulnerable by waiting to patch TeamViewer. TeamViewer has already released patches for Windows, Mac, and Linux, which you can download to manually update TeamViewer on each of your individual systems. Alternatively, you can use our patch management solution, Patch Manager Plus, to patch up to 25 computers for free.Īlready using Patch Manager Plus in your network? Navigate to the Patches tab, click Supported Patches, then search for the bulletins below. If the same maneuver is executed on the client’s side, it will allow them to take control of the server’s keyboard and mouse, without any consideration for the server’s settings and permissions. If the exploit is performed on the server’s side, the “switch sides” feature can be enabled, allowing the server to initiate a change of control on the client. According to gellin’s report, this exploit can be used by both the host and the client. This code exploits naked inline hooking and memory alterations to change TeamViewer permissions. Fortunately, this vulnerability can only be exploited if the authentication code is shared and both screens are connected.Ī GitHub user named gellin originally reported this vulnerability by publishing a proof-of-concept code that contains an injectable C++ DLL file. TeamViewer uses Microsoft’s Remote Desktop Protocol, allowing the presenter and viewer to share screens using a secret authentication code. If your enterprise uses TeamViewer, we strongly recommend updating to the latest version to prevent this exploit from being used in your network. This specific TeamViewer vulnerability provides the presenter with an opportunity to overtake the viewer’s system, and vice versa. Because TeamViewer allows users to share what’s displayed on their desktops with anyone in the world (and, more importantly, grant someone else access to their computer), vulnerabilities in TeamViewer can be fairly serious. After reports of a serious bug, the developer behind TeamViewer, the popular remote desktop management software, has released an important patch to seal this vulnerability.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |