Hackers are distributing a newly discovered form of trojan malware that offers full access to infected Windows PCs. Dubbed FlawedAmmyy, the malware is built on top of leaked source code for a legitimate app, version 3 of the Ammyy Admin remote desktop software, and enables attackers to secretly snoop on those duped into installing it. The RAT (remote access trojan) is capable of complete remote desktop control, providing hackers with full access to the system and the opportunity to steal files, credentials, and more. The malware can also abuse audio chat.
While those behind FlawedAmmyy attempt to deliver it in bulk using massive phishing campaigns, they’re also engaging in narrower campaigns targeting specific sectors, with attacks focused on the automotive industry, among others. This campaign to infect PCs with FlawedAmmyy was active just days ago. Previously undocumented, FlawedAmmyy was first uncovered by researchers at Proofpoint, who said the group behind it has been actively deploying the trojan since January 2016. The organisation behind the attacks is thought to be TA505, a prolific hacking group that has been active since 2014 and has previously targeted victims using the Dridex banking trojan, Locky ransomware, Jaff ransomware, and more in wide-ranging campaigns.
Read more about the newly discovered FlawedAmmyy trojan malware on ZDNet.