Remote access software used by hackers to distribute malware

Drive-by-downloader attacks to install the Lurk trojan and other malware

Security researchers have discovered that hackers are installing malware on victims' computers by bundling it with remote administration software.

According to a blog post by researchers at Kaspersky, computers infected with a banking Trojan called Lurk also had the remote administration software Ammyy Admin installed.

It said that further research showed that the official Ammyy Admin website had "most probably been compromised" and the Trojan had been downloaded to users' computers along with the legitimate Ammyy Admin software.

"It turned out that on the official site of Ammyy Admin (which is used for remote desktop access) there was an installer that did not have a digital signature and was an NSIS archive," said Kaspersky Lab researcher Vasily Berdnikov.


When this archive was launched, two files were created in a temporary folder and launched for execution: aa_v3.exe, the installer of the administration tool Ammyy Admin, signed with a digital signature; and ammyysvc.exe, the malicious spyware program Trojan-Spy.Win32.Lurk.

"In other words, the Ammyy Admin installer available for download on the manufacturer's official website is basically a dropper Trojan designed to stealthily install a malicious program in the system, while displaying a screen mimicking the installation of legitimate software," said Berdnikov.
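The two indicators Berdnikov describes, an installer with no digital signature that is an NSIS archive, can be checked before an executable is run. The following Python is an added example, not code from Kaspersky or the article: it reads the PE header's security data directory to see whether an Authenticode certificate table is attached (presence only, not chain validation) and looks for the NSIS stub marker string. The sample PE images are constructed in-memory for testing and are not real installers.

```python
import struct

NSIS_MARKER = b"NullsoftInst"  # string present in NSIS-built installer stubs

def has_certificate_table(pe: bytes) -> bool:
    """True if the PE header's security data directory (entry 4) is non-empty,
    i.e. an Authenticode certificate blob is attached. This only detects
    presence; it does not validate the signature or the signer."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                       # skip PE\0\0 and COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+ layout
    _rva, size = struct.unpack_from("<II", pe, dirs + 4 * 8)
    return size != 0

def looks_like_nsis(pe: bytes) -> bool:
    """Heuristic: NSIS installers carry the marker string in their stub."""
    return NSIS_MARKER in pe

def triage_installer(pe: bytes) -> str:
    """Verdict for a downloaded installer, mirroring the indicators in the
    article: an unsigned NSIS-packaged installer warrants review before use."""
    signed, nsis = has_certificate_table(pe), looks_like_nsis(pe)
    if not signed and nsis:
        return "review: unsigned NSIS installer"
    if not signed:
        return "review: unsigned installer"
    return "ok: certificate table present, verify chain before trusting"

def build_sample_pe(signed: bool, nsis: bool) -> bytes:
    """Constructed minimal PE32 image for offline testing (not a real installer)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)    # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 94            # PE32 optional header
    dirs = bytearray(16 * 8)                               # 16 data directories
    if signed:
        struct.pack_into("<II", dirs, 4 * 8, 0x2000, 0x800)  # fake cert table
    body = b"constructed payload " + (NSIS_MARKER if nsis else b"")
    return dos + b"PE\0\0" + coff + opt + bytes(dirs) + body

if __name__ == "__main__":
    for signed, nsis in ((False, True), (True, False)):
        print(signed, nsis, triage_installer(build_sample_pe(signed, nsis)))
```

On a real download, read the file into bytes and pass it to triage_installer; a positive certificate table should still be validated with the platform's signature verifier.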

He added that his team had found out that the dropper was being distributed on a regular basis (with short breaks) over several hours on weekdays.

Some browsers have since highlighted the Ammyy website as potentially dangerous and cautioned users about the presence of unwanted software. Berdnikov said his firm had informed Ammyy Group of the new attack and the new malware being distributed from the website ammyy.com.

As yet, it is not known if the problem has been resolved.

Travis Smith, security researcher at Tripwire, said that human nature is to let your guard down when you feel safe. 


"As users begin to interact with new sites, their trust begins to build over time when there are no negative consequences. Attackers can exploit this trust relationship using drive-by-downloads. By either compromising the website or leveraging malvertising, attackers can redirect users to a malicious website which will leverage a wide array of tools to infect the victim," he said.

"Since many exploits rely on known vulnerabilities, the easiest prevention mechanism is to install the operating system and all application patches as soon as possible," he added. "Only run applications and browser extensions which are absolutely necessary. Additional code running on the machine, such as applications or browser extensions, increases the attack surface for attackers."
