Remote access software used by hackers to distribute malware

Drive-by-downloader attacks to install the Lurk trojan and other malware

Security researchers have discovered that hackers are installing malware on victims' computers by using remote administration software.

According to a blog post by researchers at Kaspersky, computers infected with a banking Trojan called Lurk also had the remote administration software Ammyy Admin installed on them.

It said that further research showed that the official Ammyy Admin website had "most probably been compromised" and the Trojan had been downloaded to users' computers along with the legitimate Ammyy Admin software.


"It turned out that on the official site of Ammyy Admin (which is used for remote desktop access) there was an installer that did not have a digital signature and was an NSIS archive," said Kaspersky Lab researcher Vasily Berdnikov.

When this archive was launched, two files were created in a temporary folder and launched for execution: aa_v3.exe, the installer of the Ammyy Admin administration tool, signed with a digital signature; and ammyysvc.exe, the malicious spyware program Trojan-Spy.Win32.Lurk.

"In other words, the Ammyy Admin installer available for download on the manufacturer's official website is basically a dropper Trojan designed to stealthily install a malicious program in the system, while displaying a screen mimicking the installation of legitimate software," said Berdnikov.

He added that his team had found out that the dropper was being distributed on a regular basis (with short breaks) over several hours on weekdays.
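The detail that separates the tampered installer from the legitimate one is that the outer NSIS package carried no digital signature, while the real aa_v3.exe it dropped did. The following is an added example, not code from the article, Kaspersky or Ammyy Group: a small Python checker that parses the PE headers of a Windows executable and reports whether the IMAGE_DIRECTORY_ENTRY_SECURITY data directory is populated, i.e. whether the file embeds any Authenticode signature blob at all. The `build_sample_pe` helper constructs minimal placeholder PE images (not real executables, and the "signature" bytes are a constructed stand-in) so the check can be exercised offline; on a real file, pass its path on the command line.

```python
"""Report whether a Windows PE file embeds an Authenticode signature.

Added example. Parses only the PE headers needed to read the security
data directory (index 4). An empty directory means no embedded signature,
the condition described for the tampered Ammyy Admin installer. A populated
directory only proves a signature blob is present; trusting it still needs
a full chain check (signtool verify or Get-AuthenticodeSignature on Windows).
"""
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def security_directory(pe_bytes: bytes):
    """Return (file_offset, size) of the security directory; raise ValueError if not a PE."""
    if len(pe_bytes) < 0x40 or pe_bytes[:2] != b"MZ":
        raise ValueError("not a DOS/PE image (missing MZ header)")
    (e_lfanew,) = struct.unpack_from("<I", pe_bytes, 0x3C)
    if pe_bytes[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE\\0\\0 signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: SizeOfOptionalHeader sits 16 bytes into the 20-byte COFF header.
    size_opt = struct.unpack_from("<H", pe_bytes, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", pe_bytes, opt)[0]
    if magic == PE32_MAGIC:          # 32-bit: NumberOfRvaAndSizes at +92, directories at +96
        nrva_off, dirs_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:    # 64-bit: ImageBase and stack/heap fields are 8 bytes wide
        nrva_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    nrva = struct.unpack_from("<I", pe_bytes, nrva_off)[0]
    if nrva <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return (0, 0)
    entry = dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if entry + 8 > opt + size_opt:
        raise ValueError("security directory lies outside the optional header")
    return struct.unpack_from("<II", pe_bytes, entry)


def signature_status(pe_bytes: bytes) -> dict:
    """Summarise the embedded signature: presence, WIN_CERTIFICATE type, revision, length."""
    offset, size = security_directory(pe_bytes)
    if size == 0:
        return {"embedded_signature": False, "cert_type": None}
    if offset + 8 > len(pe_bytes):
        raise ValueError("security directory points past end of file")
    # WIN_CERTIFICATE header: dwLength, wRevision, wCertificateType
    length, revision, cert_type = struct.unpack_from("<IHH", pe_bytes, offset)
    return {
        "embedded_signature": True,
        "cert_type": cert_type,
        "is_pkcs7": cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA,
        "revision": revision,
        "length": length,
    }


def build_sample_pe(with_signature_blob: bool) -> bytes:
    """Constructed minimal PE32 image for the demo; not a runnable executable."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_opt = 96 + 16 * 8  # PE32 optional header with the standard 16 data directories
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, size_opt, 0x0102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)  # NumberOfRvaAndSizes
    headers_len = len(dos) + 4 + len(coff) + size_opt
    blob = b""
    if with_signature_blob:
        body = b"\x30\x82" + b"\0" * 30  # constructed placeholder, not real PKCS#7 data
        blob = struct.pack("<IHH", 8 + len(body), 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + body
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         headers_len, len(blob))
    return dos + b"PE\0\0" + coff + bytes(opt) + blob


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], signature_status(fh.read()))
    else:
        print("unsigned sample:", signature_status(build_sample_pe(False)))
        print("signed sample:  ", signature_status(build_sample_pe(True)))
```

The point of the check is triage, not trust: an installer for a remote administration tool that reports `embedded_signature: False` should not be run, and one that reports a signature still has to pass a real chain validation before it is treated as the vendor's own build.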


Some browsers have since highlighted the Ammyy website as potentially dangerous and cautioned users about the presence of unwanted software. Berdnikov said his firm had informed Ammyy Group of the new attack and the new malware being distributed from the website ammyy.com.


As yet, it is not known if the problem has been resolved.

Travis Smith, security researcher at Tripwire, said that human nature is to let your guard down when you feel safe. 

"As users begin to interact with new sites, their trust begins to build over time when there are no negative consequences.  Attackers can exploit this trust relationship using drive-by-downloads.  By either compromising the website or leveraging malvertising, attackers can redirect users to a malicious website which will leverage a wide array of tools to infect the victim," he said.

"Since many exploits rely on known vulnerabilities, the easiest prevention mechanism is to install the operating system and all application patches as soon as possible," he added. "Only run applications and browser extensions which are absolutely necessary. Additional code running on the machine, such as applications or browser extensions, increases the attack surface for attackers."
