Remote access software used by hackers to distribute malware

Drive-by-downloader attacks to install the Lurk trojan and other malware

Security researchers have discovered that hackers are installing malware on victims' computers by using remote administration software.

According to a blog post by researchers at Kaspersky, the remote administration software Ammyy Admin had also been installed on computers infected with a banking Trojan called Lurk.

It said that further research showed that the official Ammyy Admin website had "most probably been compromised" and the Trojan had been downloaded to users' computers along with the legitimate Ammyy Admin software.


"It turned out that on the official site of Ammyy Admin (which is used for remote desktop access) there was an installer that did not have a digital signature and was an NSIS archive," said Kaspersky Lab researcher Vasily Berdnikov.

When this archive was launched, two files were created in a temporary folder and executed: aa_v3.exe, the installer for the Ammyy Admin administration tool, which carried a valid digital signature; and ammyysvc.exe, the malicious spyware program Trojan-Spy.Win32.Lurk.

"In other words, the Ammyy Admin installer available for download on the manufacturer's official website is basically a dropper Trojan designed to stealthily install a malicious program in the system, while displaying a screen mimicking the installation of legitimate software," said Berdnikov.
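The two properties Kaspersky used to characterise the dropper, no digital signature and an NSIS archive, are cheap to check on any downloaded installer before it is run. The following Python script is an added example written for this article, not code from Kaspersky or Ammyy: it reads the PE header to see whether a Certificate Table (Authenticode) entry is present and searches for the NSIS first-header marker. The sample images it builds are constructed stand-ins, not the real aa_v3.exe or ammyysvc.exe.

```python
import struct

# NSIS-built installers carry this marker at the start of their appended data:
# the "first header" begins with 0xDEADBEEF followed by the text "NullsoftInst".
NSIS_MARKER = b"\xef\xbe\xad\xdeNullsoftInst"

# Index of the Certificate Table (Authenticode) entry in the PE data directories.
IMAGE_DIRECTORY_ENTRY_SECURITY = 4


def security_directory(data: bytes):
    """Return (file_offset, size) of the PE Certificate Table entry, or None if
    the bytes are not a parseable PE image. A size of 0 means the file embeds
    no Authenticode signature block at all."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    opt_start = e_lfanew + 24                       # optional header follows COFF header
    size_of_opt = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    if size_of_opt < 2 or opt_start + size_of_opt > len(data):
        return None
    magic = struct.unpack_from("<H", data, opt_start)[0]
    if magic == 0x10B:                              # PE32
        num_dirs_off, dirs_off = 92, 96
    elif magic == 0x20B:                            # PE32+
        num_dirs_off, dirs_off = 108, 112
    else:
        return None
    if opt_start + num_dirs_off + 4 > len(data):
        return None
    num_dirs = struct.unpack_from("<I", data, opt_start + num_dirs_off)[0]
    if num_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return (0, 0)
    entry = opt_start + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if entry + 8 > len(data):
        return None
    return struct.unpack_from("<II", data, entry)


def has_authenticode_block(data: bytes) -> bool:
    """True if the image points at an embedded signature block. This only says a
    signature is present; validating it (hash and chain) is left to signtool or
    Get-AuthenticodeSignature, and a valid signature is not proof of good intent."""
    sec = security_directory(data)
    return sec is not None and sec[1] > 0


def looks_like_nsis(data: bytes) -> bool:
    """Heuristic: NSIS installers carry the first-header marker in their overlay."""
    return NSIS_MARKER in data


def triage_installer(data: bytes) -> dict:
    """Summarise the two properties the article highlights for a downloaded file."""
    return {
        "is_pe": security_directory(data) is not None,
        "has_signature_block": has_authenticode_block(data),
        "nsis_archive": looks_like_nsis(data),
    }


def build_sample_pe(signed: bool, nsis: bool) -> bytes:
    """Build a minimal, non-runnable PE32 image as a constructed stand-in (not the
    real Ammyy files). Only the header fields the checks above read are filled."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 224                                   # PE32 optional header size
    coff_header = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, opt_size, 0x0102)
    opt_header = bytearray(opt_size)
    struct.pack_into("<H", opt_header, 0, 0x10B)     # PE32 magic
    struct.pack_into("<I", opt_header, 92, 16)       # NumberOfRvaAndSizes
    header_len = len(dos_header) + 4 + len(coff_header) + opt_size
    overlay = b""
    if signed:
        # Fake WIN_CERTIFICATE: dwLength, wRevision 0x0200, wCertificateType 2 (PKCS#7)
        cert_blob = b"<constructed placeholder PKCS#7 blob>"
        cert = struct.pack("<IHH", 8 + len(cert_blob), 0x0200, 0x0002) + cert_blob
        struct.pack_into("<II", opt_header,
                         96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, header_len, len(cert))
        overlay += cert
    if nsis:
        overlay += NSIS_MARKER + b"<constructed NSIS payload stand-in>"
    return dos_header + b"PE\0\0" + coff_header + bytes(opt_header) + overlay


if __name__ == "__main__":
    for label, image in [("signed installer", build_sample_pe(True, False)),
                         ("unsigned NSIS dropper", build_sample_pe(False, True))]:
        print(label, triage_installer(image))
```

Run against a real download (`triage_installer(open(path, "rb").read())`), an unsigned NSIS result matches the profile Kaspersky described for the tampered installer, while the genuine aa_v3.exe it dropped would show a signature block. Treat the output as a triage hint only: an unsigned installer is not automatically malicious, and a signed one still needs its signature verified and its publisher checked.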

He added that his team had found out that the dropper was being distributed on a regular basis (with short breaks) over several hours on weekdays.


Some browsers have since flagged the Ammyy website as potentially dangerous and cautioned users about the presence of unwanted software. Berdnikov said his firm had informed Ammyy Group of the new attack and the new malware being distributed from the website ammyy.com.


As yet, it is not known if the problem has been resolved.

Travis Smith, security researcher at Tripwire, said that human nature is to let your guard down when you feel safe.

"As users begin to interact with new sites, their trust begins to build over time when there are no negative consequences. Attackers can exploit this trust relationship using drive-by-downloads. By either compromising the website or leveraging malvertising, attackers can redirect users to a malicious website which will leverage a wide array of tools to infect the victim," he said.

"Since many exploits rely on known vulnerabilities, the easiest prevention mechanism is to install the operating system and all application patches as soon as possible," he added. "Only run applications and browser extensions which are absolutely necessary. Additional code running on the machine, such as applications or browser extensions, increases the attack surface for attackers."
