TeamSpy hackers get the crew back together after four-year hiatus

Remote-control app hijacked for use as snooping tool – again

Updated Cybercrooks have once again begun slinging malware that subverts elements of the legitimate TeamViewer remote control app to snoop on victims.

The tactic was previously seen in 2013. Attacks typically begin with booby-trapped emails harbouring malicious attachments that pose as eFax messages. If installed, the malicious code uses DLL hijacking to create a backdoor on compromised machines.

The method helps to camouflage spying as well as allowing hackers to snoop on encrypted comms, warns Danish security intelligence firm Heimdal Security.

"Many of the victims appear to be ordinary users, but some are high-profile industrial, research, or diplomatic targets," explains Heimdal's Andra Zaharia.

"This attack can also circumvent two-factor authentication and can also give cybercriminals access to encrypted content which is unencrypted by the users on their compromised computers."

TeamViewer itself has not been compromised and that the attack involves tricking people into running malware that hooks into TeamViewer functionality. ®

Updated at 11:26am on 23 February to add: TeamViewer has been in touch since the publication of this article to say: "The outlined scenario is a post-exploitation action; so, the preceding malware infection is the real threat. We have no evidence to assume a vulnerability of our software."

Sponsored: The Joy and Pain of Buying IT - Have Your Say


Biting the hand that feeds IT © 1998–2017