

Analyzing TeamSpy, malware that gives hackers complete remote control of PCs.

TeamViewer, a remote control program, can be very handy when you need remote IT support. The cybercriminals behind TeamSpy, unfortunately, also find the tool to be quite useful and use it to carry out malicious activity.

TeamSpy infects computers by tricking people into downloading a malicious attachment and enabling macros. After that, the malware secretly installs TeamViewer, giving the cybercriminals full control of the infected computer. TeamSpy first appeared back in 2013, which is when CrySyS Lab and Kaspersky Lab published white papers about its operation. Heimdal Security recently reported that the malware has resurfaced with a targeted spam campaign. We too have seen an uptick and have therefore decided to take a closer look.

Most malware communicates with a command and control (C&C) server after infecting a device. As the name suggests, a C&C server is the control center that sends out commands for malware to carry out. C&C servers are also where malware sends back the data it collects. For this communication, malware authors usually implement a custom protocol, which can be easily spotted and distinguished from other traffic and thus blocked by antivirus solutions. To make detection by antivirus solutions more difficult, some malware authors instead use popular remote control programs, like TeamViewer, taking advantage of their VPN network to better mask the communication between their malware and C&C servers.

TeamSpy is spread via spam emails that are designed to trick people into opening an attachment.
