Friday, September 13, 2024
HomeComputer SecurityAmmyy Admin Compromised - Beware If You Downloaded Ammyy Admin Between June...

Ammyy Admin Compromised – Beware If You Downloaded Ammyy Admin Between June 13 or 14

Published on

Attackers compromised the official website of Ammyy Admin and made to serve a malicious version of Ammyy Admin instead of the legitimate one and use FIFA World Cup trend to hide their malicious activity.

It appears the infected file served from the legitimate site between June 13 or 14, like the October 2015 incidents where the Ammyy Admin served with malicious codes linked with cybercrime group Buhtrap.

Security researches from ESET spotted the issue on June 13 midnight and it as was notified Ammyy.

- Advertisement - EHA

Ammyy Admin and Kasidet bot

Users who download the Ammyy Admin between June 13 or 14 also received a multipurpose Trojan and banking malware dubbed Kasidet bot.

Kasidet bot sold in various underground hacking forums and it was detected with the Ammyy[.]com between June 13 or 14.

It is capable of stealing files that contains password and data related to cryptocurrency wallets and accounts of the victims. It looks for the following file types(bitcoin, pass.txt, passwords.txt, wallet.dat) and if it got matching file type it masks and sends them to C&C server.

Attackers used FIFA World Cup based domain fifa2018start[.]info/panel/tasks[.]php to hide their malicious network communication.

ESET researchers believe “the attack is related to 2015 attack, attackers were misusing ammyy.com to serve numerous malware families, changing them on an almost daily basis. In the 2018 case, ESET systems detected only Win32/Kasidet, however, the obfuscation of the payload changed on three occasions, probably to avoid detection by security products.”

Here you can find the analysis Analysis report and IoCs.

Also Read

Beware of FlawedAmmyy RAT that Steals Credentials and Record Audio Chat

Beware!! Google Map Vulnerability Allows an Attacker to Redirect Victims into Malicious Websites

Powerful APT Malware “Slingshot” Performs Highly Sophisticated Cyber Attack to Compromise Router

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Beware Of Weaponized Excel Document That Delivers Fileless Remcos RAT

A recent advanced malware campaign leverages a phishing attack to deliver a seemingly benign...

Hackers Exploiting Apache OFBiz RCE Vulnerability in the Wild

A critical vulnerability in the Apache OFBiz framework has been actively exploited by hackers....

Docker Desktop Vulnerabilities Let Attackers Execute Remote Code

Docker has addressed critical vulnerabilities in Docker Desktop that could allow attackers to execute...

Fortinet Confirms Data Breach Following Hacker’s Claim of 440GB Data Theft

Fortinet, a leading cybersecurity firm, has confirmed a data breach involving a third-party cloud...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Digital Wallets Bypassed To Allow Purchase With Stolen Cards

Digital wallets enable users to securely store their financial information on smart devices and...

Best SIEM Tools List For SOC Team – 2024

The Best SIEM tools for you will depend on your specific requirements, budget, and...

Oracle Releases Biggest Security Update in 2024 – 372 Vulnerabilities Are Fixed – Update Now!

Oracle has released its April 2024 Critical Patch Update (CPU), addressing 372 security vulnerabilities...