The return of TeamSpy and its malicious plan to influence TeamViewer

TeamViewer is a popular remote access program. Broadly speaking, it connects two separate devices so that one can gain access to the other, which is done by one user providing a specific code. TeamViewer is available for personal use and almost anybody can get it. It is a convenient tool for transferring files, updating information and all sorts of other purposes.

All sounds good in theory, but the way TeamViewer actually gets used is not as innocent as security researchers would like. Quite recently, after seemingly hanging up their aprons and disappearing from the radar of security researchers, TeamSpy emerged from the ashes. It is data-stealing malware that attempts to exploit the features of TeamViewer for malicious purposes. The goals of every hacker are similar: they all wish to obtain information from devices and use it for their personal benefit. Back in 2013, when the malware was first detected, the TeamSpy gang attempted to steal data from all sorts of victims, ranging from important officials to ordinary people with personal computers.

How does TeamSpy make TeamViewer obey its instructions? Actually, TeamViewer itself has nothing to do with the attack; the crooks are simply taking advantage of people with poor browsing habits. For the scheme to work, and for personal information and credentials to become accessible to outsiders, victims have to fall into a couple of traps. We have lost count of the times we have warned our visitors about malicious spam letters, and this article is no exception. The crooks distributing TeamSpy malware expect people to voluntarily open rogue messages that arrive in their email accounts. This specific campaign sends letters that carry a .zip file. Once the file is downloaded and extracted, it sets an .exe executable in motion. Then the TeamSpy code is placed on the device as a malicious DLL. After completing a series of additional processes, TeamSpy malware also adds some elements that are otherwise not present in TeamViewer (a key logger and TeamViewer VPN).
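A mail-gateway style check for the delivery step described above (a .zip attachment that unpacks to an .exe), as an added example that is not from the original article or its source. The extension lists, function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Illustrative, not exhaustive: types that run code on Windows, and common decoys.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".dll"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}


def inspect_zip_attachment(data: bytes) -> list:
    """Return (member name, reasons) for every archive member worth quarantining."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<attachment>", ["not a readable zip archive"])]
    for info in archive.infolist():
        if info.is_dir():
            continue
        reasons = []
        # Work on the base name only, so directory names do not confuse the check.
        parts = info.filename.lower().rsplit("/", 1)[-1].split(".")
        ext = "." + parts[-1] if len(parts) > 1 else ""
        if ext in EXECUTABLE_EXTS:
            reasons.append(f"executable extension {ext}")
            if len(parts) > 2 and "." + parts[-2] in DECOY_EXTS:
                reasons.append("double extension hides the real type")
        if info.flag_bits & 0x1:
            # Bit 0 of the general-purpose flags marks an encrypted member.
            reasons.append("encrypted member, content cannot be scanned")
        else:
            with archive.open(info) as member:
                # "MZ" is the magic at the start of Windows PE files.
                if member.read(2) == b"MZ" and ext not in EXECUTABLE_EXTS:
                    reasons.append("PE header under a non-executable name")
        if reasons:
            findings.append((info.filename, reasons))
    return findings


def build_sample() -> bytes:
    """Constructed sample attachment: harmless filler bytes, no real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Invoice.pdf.exe", b"MZ" + b"\x00" * 62)
        z.writestr("notes.txt", b"plain text")
        z.writestr("picture.jpg", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    for member, why in inspect_zip_attachment(build_sample()):
        print(member, "->", "; ".join(why))
```

The check looks at both the name and the first bytes of each member, so a renamed executable is flagged even when its extension looks harmless.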

Once everything necessary is in place, the hackers are able to initiate a TeamViewer session. Although people can usually clearly notice when a session is in progress, the crooks manage to twist this feature. Once they begin their search for valuable data, users have no idea that malicious activity is under way, as they peacefully carry on with their regular tasks. For now, it seems that not a lot of anti-malware tools have the capacity to detect the TeamSpy malware, so we advise you to be cautious and try not to get infected in the first place.

Source: heimdalsecurity.com.
