TeamViewer is a go-to remote support tool that many help desks rely on to perform their IT support functions.
However, its remote access functionality has also been exploited in a recent series of attacks targeting government financial agencies and international embassies.
Basically, the attack relies on malicious Excel spreadsheets: the user opens one assuming it’s a legitimate file, and it installs a trojaned version of the TeamViewer remote access app.
Once the corrupted TeamViewer is installed, the attacker can extract information as well as install and run files on the remote machine.
It’s not the first time TeamViewer’s been in the news for falling into the wrong hands. A quick Google search and a look through forums is enough to see other instances pop up.
But what made these attacks different is that they may have been politically or financially motivated, since they specifically targeted government officials in revenue sectors, although researchers at Check Point are still trying to get to the bottom of it.
The Check Point research has already turned up some promising leads. It turns out that whoever initiated the attacks left personal information exposed, and the tools used have been traced back to a user from a Russian cybercrime forum.
Check out the full story over at Decipher, an independent editorial site covering information security.