TeamViewer is one of the best-known remote access tools, used to connect to computers over the Internet and operate them as if we were sitting in front of them. Although the tool is legitimate, secure and totally reliable (especially with the latest security measures it has implemented), this is not the first time that hackers have used it to carry out their attacks.
Recently, security experts have detected a new spying campaign from one of the most feared hacker groups, TeamSpy. This group had been active for over 10 years before it was detected in 2013. After several years of inactivity, the group has resurfaced and started a new espionage campaign in which it uses this remote control software to gain control of its victims' systems and steal their data.
Next, let’s see how this group of hackers operates.
How TeamSpy performs its computer attacks through TeamViewer
To launch the attack, the group sends a series of emails posing as different companies and organizations to trick victims into downloading and opening an attached zip file. When unpacked, the archive extracts an .exe file responsible for downloading a .dll library that starts the infection.
When the malicious DLL is loaded on the system, the hackers remotely install a version of TeamViewer which they modify with that DLL so that it stays hidden on the system and does not raise suspicion of their presence. In addition, the hackers also install a keylogger and a VPN on the system.
The spyware constantly sends log files to its C&C server with all the information it finds on the victim's system, along with the TeamViewer access data needed to connect to it remotely. This malware is also able to evade the remote control software's two-factor authentication and can even access encrypted data if the system user has it marked as trusted or has the encryption key for it.
As you can see, the whole threat relies on a malicious DLL library, so, unlike what happened in the past, this time TeamViewer passwords have not been compromised and, although it is not recommended, you can keep using them.
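The modified TeamViewer copy and its malicious DLL described above can show up in module-load telemetry. The following is an added example, not part of the original article: it filters constructed records shaped like Sysmon Event ID 7 (image load) for TeamViewer processes that run from an unexpected directory or load a DLL without a valid, expected signature. The publisher name, install directories and all sample paths are assumptions.

```python
import ntpath  # parses Windows paths on any OS

# Assumptions, not from the article: expected publisher and install directories.
EXPECTED_SIGNER_PREFIX = "teamviewer"
EXPECTED_DIRS = (r"c:\program files\teamviewer",
                 r"c:\program files (x86)\teamviewer")

# Constructed sample: Sysmon Event ID 7 (image load) fields, one event per line.
SAMPLE_EVENTS = r"""
Image=C:\Program Files\TeamViewer\TeamViewer.exe|ImageLoaded=C:\Program Files\TeamViewer\vendor_module.dll|Signed=true|Signature=TeamViewer Germany GmbH|SignatureStatus=Valid
Image=C:\Users\alice\AppData\Roaming\Sample\TeamViewer.exe|ImageLoaded=C:\Users\alice\AppData\Roaming\Sample\example.dll|Signed=false|Signature=-|SignatureStatus=Unavailable
Image=C:\Program Files\TeamViewer\TeamViewer.exe|ImageLoaded=C:\Windows\System32\kernel32.dll|Signed=true|Signature=Microsoft Windows|SignatureStatus=Valid
Image=C:\Program Files\TeamViewer\TeamViewer.exe|ImageLoaded=C:\Program Files\TeamViewer\extra.dll|Signed=true|Signature=Example Corp|SignatureStatus=Valid
Image=C:\Windows\explorer.exe|ImageLoaded=C:\Temp\other.dll|Signed=false|Signature=-|SignatureStatus=Unavailable
""".strip().splitlines()


def parse_event(line):
    """Split 'key=value|key=value' into a dict."""
    return dict(field.split("=", 1) for field in line.split("|"))


def suspicious_loads(lines):
    """Return (module path, reasons) for questionable TeamViewer image loads."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ntpath.basename(ev["Image"]).lower() != "teamviewer.exe":
            continue  # only the remote-access client is in scope here
        proc_dir = ntpath.dirname(ev["Image"]).lower()
        mod_dir = ntpath.dirname(ev["ImageLoaded"]).lower()
        valid = ev["Signed"].lower() == "true" and ev["SignatureStatus"] == "Valid"
        reasons = []
        if proc_dir not in EXPECTED_DIRS:
            reasons.append("client runs outside expected install directory")
        if not valid:
            reasons.append("module has no valid signature")
        elif mod_dir == proc_dir and not ev["Signature"].lower().startswith(EXPECTED_SIGNER_PREFIX):
            reasons.append("app-local module from unexpected publisher")
        if reasons:
            findings.append((ev["ImageLoaded"], reasons))
    return findings


if __name__ == "__main__":
    for module, reasons in suspicious_loads(SAMPLE_EVENTS):
        print(module, "->", "; ".join(reasons))
```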
Spyware still rarely detected
As reported by the security company that discovered this threat, its detection rate is very low. Only 15 of the 59 antivirus engines on VirusTotal detect it as a threat, including Kaspersky, ESET, McAfee, Windows Defender and Symantec, among others.
The best way to protect yourself from these new attacks is, in addition to having up-to-date antivirus software installed on your computer, to avoid downloading and running all kinds of files that you receive in your email inbox since, even as the years pass and computer threats change, e-mail remains one of the weakest pillars of security.
What do you think of the threats that continue to arrive via email?