Remote access software used by hackers to distribute malware

Drive-by-downloader attacks to install the Lurk trojan and other malware

Security researchers have discovered that hackers are installing malware on victims' computers by trojanising a legitimate remote administration tool.

According to a blog post by researchers at Kaspersky Lab, machines infected with the banking Trojan Lurk were also found to have the remote administration software Ammyy Admin installed.

The post said that further research showed the official Ammyy Admin website had "most probably been compromised", with the Trojan being downloaded to users' computers alongside the legitimate Ammyy Admin software.

"It turned out that on the official site of Ammyy Admin (which is used for remote desktop access) there was an installer that did not have a digital signature and was an NSIS archive," said Kaspersky Lab researcher Vasily Berdnikov.


When this archive was launched, two files were created in a temporary folder and executed: aa_v3.exe, the digitally signed installer of the Ammyy Admin administration tool; and ammyysvc.exe, the spyware program Trojan-Spy.Win32.Lurk.

"In other words, the Ammyy Admin installer available for download on the manufacturer's official website is basically a dropper Trojan designed to stealthily install a malicious program in the system, while displaying a screen mimicking the installation of legitimate software," said Berdnikov.
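As an added illustration (not code from Kaspersky's post or from Ammyy), the Python below performs the two cheap pre-execution checks the researchers' finding implies: does the downloaded installer carry an Authenticode certificate table at all, and is it an NSIS package? The PE images are constructed in-script as test data; the names "dropper" and "aa_v3.exe" are labels only, and a present certificate table is a necessary, not sufficient, condition, since the chain still has to be validated (for example with signtool or PowerShell's Get-AuthenticodeSignature).

```python
import struct

# Index of the Attribute Certificate Table (Authenticode) in the PE data directory.
IMAGE_DIRECTORY_ENTRY_SECURITY = 4
# Magic string found in the NSIS first header; it identifies the packaging
# format only, which many legitimate installers also use.
NSIS_MARKER = b"NullsoftInst"


def authenticode_cert_table(pe: bytes):
    """Return (file_offset, size) of the Authenticode certificate table, or None.

    A present table means the file carries a signature blob; it says nothing
    about whether that signature verifies or who signed it.
    """
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:                       # PE32: data directories at +96
        dirs = opt + 96
    elif magic == 0x20B:                     # PE32+: data directories at +112
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_dirs = struct.unpack_from("<I", pe, dirs - 4)[0]   # NumberOfRvaAndSizes
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None
    entry = dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    # For this directory entry the first field is a raw file offset, not an RVA.
    offset, size = struct.unpack_from("<II", pe, entry)
    return (offset, size) if size else None


def triage_installer(pe: bytes) -> dict:
    """Pre-execution triage of a downloaded installer image."""
    cert = authenticode_cert_table(pe)
    return {
        "carries_signature": cert is not None,
        "nsis_stub": NSIS_MARKER in pe,
        # A vendor that normally signs its releases shipping an installer with
        # no signature blob at all is exactly the anomaly worth stopping on.
        "safe_to_run": cert is not None,
    }


def build_pe32(tail: bytes, cert_blob: bytes = b"") -> bytes:
    """Construct a minimal PE32 header for testing (constructed data, not runnable)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                    # NumberOfRvaAndSizes
    header_len = 0x40 + 4 + 20 + 224
    if cert_blob:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         header_len + len(tail), len(cert_blob))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + tail + cert_blob


# Constructed samples standing in for the two installers described in the article.
UNSIGNED_NSIS_DROPPER = build_pe32(b"\x00" * 32 + NSIS_MARKER + b"\x00" * 32)
SIGNED_AA_V3 = build_pe32(b"\x00" * 64, cert_blob=b"\x00" * 0x1A00)  # placeholder blob


if __name__ == "__main__":
    for name, sample in (("dropper", UNSIGNED_NSIS_DROPPER), ("aa_v3.exe", SIGNED_AA_V3)):
        print(name, triage_installer(sample))
```

On a real Windows host the follow-up to a present certificate table is `Get-AuthenticodeSignature .\installer.exe`, checking that `Status` is `Valid` and that the signer is the vendor you expect; the script above only tells you whether there is anything to validate.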

He added that his team had found the dropper was being served regularly (with short breaks) for several hours at a time on weekdays.

Some browsers have since flagged the Ammyy website as potentially dangerous and cautioned users about the presence of unwanted software. Berdnikov said his firm had informed Ammyy Group of the new attack and the new malware being distributed from the website ammyy.com.

As yet, it is not known if the problem has been resolved.

Travis Smith, security researcher at Tripwire, said that human nature is to let your guard down when you feel safe.

"As users begin to interact with new sites, their trust begins to build over time when there are no negative consequences. Attackers can exploit this trust relationship using drive-by-downloads. By either compromising the website or leveraging malvertising, attackers can redirect users to a malicious website which will leverage a wide array of tools to infect the victim," he said.

"Since many exploits rely on known vulnerabilities, the easiest prevention mechanism is to install the operating system and all application patches as soon as possible," he added. "Only run applications and browser extensions which are absolutely necessary. Additional code running on the machine, such as applications or browser extensions, increases the attack surface for attackers."
