This new trojan malware uses leaked source code of legit software to snoop on you

Hackers are distributing a newly discovered form of trojan malware that offers full access to infected Windows PCs. Dubbed FlawedAmmyy, the malware is built on top of leaked source code for a legitimate app, Version 3 of Ammyy Admin remote desktop software, and enables attackers to secretly snoop on those duped into installing it. The RAT (remote access trojan) is capable of complete remote desktop control, providing hackers with full access to the system and the opportunity to steal files, credentials, and more. The malware can also abuse audio chat.

While those behind FlawedAmmyy attempt to deliver it in bulk using massive phishing campaigns, they’re also engaging in narrower campaigns targeting specific sectors, with attacks focused on the automotive industry, among others. This campaign to infect PCs with FlawedAmmyy was active just days ago. Previously undocumented, FlawedAmmyy was first uncovered by researchers at Proofpoint, who said the group behind it has been actively deploying the trojan since January 2016. The organisation behind the attacks is thought to be TA505, a prolific hacking group that has been active since 2014, and has previously targeted victims using the Dridex banking trojan, Locky ransomware, Jaff ransomware, and more, in wide-ranging campaigns.

Read more about the newly discovered FlawedAmmyy trojan malware on ZDNet.
