Spear Phishing Emails Deliver Evil TeamViewer

A Russian threat actor known as EvaPiks has been distributing spear phishing emails that install a modified version of TeamViewer, software that provides remote access and desktop sharing between computers. In a recent campaign, the phishing attacks targeted embassy staff and officials in the public financial sector using an email crafted to look like a US government top-secret document. When the macro within the document is enabled, three AutoHotKey scripts are downloaded and executed to collect system information and install a malicious TeamViewer version. Because this TeamViewer instance is hidden from the user's view while running, the attackers can use the remote session to capture user credentials or upload and download files from the compromised machine.

