TeamViewer is a popular remote control desktop sharing software with more than 1 billion users and that makes it a lucrative target for cyber criminals. Recently, the IT security researchers at Trend Micro have uncovered a malware campaign targeting unsuspecting users with a malicious version of TeamViewer.
Note: It is worth mentioning that the official website of TeamViewer has not been compromised and downloads from it are safe and secure.
It all started on January 20th when a security researcher going by the Twitter handle of FewAtoms detected a malicious URL containing an open directory leading visitors to a malicious self-extracting archive (SFX/SEA).
— Few Atoms (@FewAtoms) January 20, 2019
Trend Micro researchers analyzed the archive and discovered a trojan spyware disguising as TeamViewer to collect and steal user data.
Further digging into the archive revealed that once executed the malware also gathers device-related data and send it to control-and-command (C&C) domain (hxxp://intersys32[.]com) which includes username, computer name, operating system, OS architecture, RAM size, whether there is an anti-virus solution installed on the system, and administrator privilege.
The researchers also discovered several other malware linked to the C&C URL including CoinSteal and Fareit. Both malware are known for stealing data from the compromised computers however CoinSteal removes itself from the system once the task is completed.
Trend Micro researchers believed that the URL is part of “a bigger operational campaign of trojan spyware.”
“Given the possibilities of abuse and the recent schemes to deliver malware disguised as legitimate software, users should secure their endpoints with multilayered protection,” researchers suggested.
This, however, is not the first time when the name of TeamViewer has been misused to spread malware. Previously, hackers used malicious TeamViewer app to target unsuspected users with TeamSpy data-stealing malware.
To protect your system from such spyware avoid downloading software from third-party websites, keep your system updated and scan it with an anti-malware regularly. Here is a list of 10 powerful antiviruses for PC, Mac, Android, iPhone