. home.aspx

NEWS

home.aspx
   


Government Officials Targeted With Trojanized TeamViewer

April 24, 2019 / Ionut Arghire

Recently observed attacks targeting officials within government finance authorities and representatives in several embassies in Europe abuse the legitimate TeamViewer application to gain full control of victim machines. The attack started with a malicious XLSM document with malicious macros, which is delivered as an email attachment and which masquerades as a top secret U.S. document. The document features the logo of the U.S. Department of State and is marked as Top Secret. Once enabled, the macro extracts a legitimate AutoHotkeyU32.exe program and an AHK script that can send a request to the command and control (C&C) server and receive additional script URLs to download and execute, Check Point’s security researchers discovered. Three AHK scripts can be downloaded as the next stage of the attack, one to take a screenshot and send it to the C&C, another to send the victim’s username and computer information, and a third to download a malicious version of TeamViewer...