Thursday, 12 November 2015

Ammyy Admin Website Spread Infected Download

The official website of the remote desktop software Ammyy Admin was recently hacked and for several days offered a contaminated version that allowed a group of cyber criminals to spy on users. Ammyy Admin makes it possible to log in to remote computers.

According to the developers, more than 50 million people, both business and private users, make use of the software. It is used by companies in the Fortune 500, as well as banks. Telephone scammers also use the software. Some anti-virus programs detect Ammyy Admin as unwanted software. According to the Slovak anti-virus company ESET, the remote desktop software is especially popular in Russia.

On October 26 ESET discovered that malware was being offered on the website. The free version of Ammyy Admin had been replaced with an infected version, which was offered until November 2. The installer installed the real Ammyy Admin software, as well as a file called AmmyyService.exe or AmmyySvc.exe that contained the malware. The malware then analyzed the software present on the system and the websites visited.

If the computer was of sufficient value, additional malware was installed. This malware was signed with a certificate from Comodo, which has been revoked. The malware spies on users, records all keystrokes, enumerates smart cards and communicates with a command & control server. It is unclear when the site was hacked and exactly how long the malware was offered. ESET tried for several days and in different ways to warn the developers of Ammyy Admin, but received no response.
