Friday, June 14, 2024

Ammyy Admin Compromised – Beware If You Downloaded Ammyy Admin Between June 13 or 14

Attackers compromised the official website of Ammyy Admin and made to serve a malicious version of Ammyy Admin instead of the legitimate one and use FIFA World Cup trend to hide their malicious activity.

It appears the infected file served from the legitimate site between June 13 or 14, like the October 2015 incidents where the Ammyy Admin served with malicious codes linked with cybercrime group Buhtrap.

Security researches from ESET spotted the issue on June 13 midnight and it as was notified Ammyy.

Ammyy Admin and Kasidet bot

Users who download the Ammyy Admin between June 13 or 14 also received a multipurpose Trojan and banking malware dubbed Kasidet bot.

Kasidet bot sold in various underground hacking forums and it was detected with the Ammyy[.]com between June 13 or 14.

It is capable of stealing files that contains password and data related to cryptocurrency wallets and accounts of the victims. It looks for the following file types(bitcoin, pass.txt, passwords.txt, wallet.dat) and if it got matching file type it masks and sends them to C&C server.

Attackers used FIFA World Cup based domain fifa2018start[.]info/panel/tasks[.]php to hide their malicious network communication.

ESET researchers believe “the attack is related to 2015 attack, attackers were misusing to serve numerous malware families, changing them on an almost daily basis. In the 2018 case, ESET systems detected only Win32/Kasidet, however, the obfuscation of the payload changed on three occasions, probably to avoid detection by security products.”

Here you can find the analysis Analysis report and IoCs.

Also Read

Beware of FlawedAmmyy RAT that Steals Credentials and Record Audio Chat

Beware!! Google Map Vulnerability Allows an Attacker to Redirect Victims into Malicious Websites

Powerful APT Malware “Slingshot” Performs Highly Sophisticated Cyber Attack to Compromise Router


Latest articles

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these...

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a...

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.Resecurity...

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million...

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery...

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection...

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles