Friday, March 29, 2024

Ammyy Admin Compromised – Beware If You Downloaded Ammyy Admin Between June 13 or 14

Attackers compromised the official website of Ammyy Admin and made to serve a malicious version of Ammyy Admin instead of the legitimate one and use FIFA World Cup trend to hide their malicious activity.

It appears the infected file served from the legitimate site between June 13 or 14, like the October 2015 incidents where the Ammyy Admin served with malicious codes linked with cybercrime group Buhtrap.

Security researches from ESET spotted the issue on June 13 midnight and it as was notified Ammyy.

Ammyy Admin and Kasidet bot

Users who download the Ammyy Admin between June 13 or 14 also received a multipurpose Trojan and banking malware dubbed Kasidet bot.

Kasidet bot sold in various underground hacking forums and it was detected with the Ammyy[.]com between June 13 or 14.

It is capable of stealing files that contains password and data related to cryptocurrency wallets and accounts of the victims. It looks for the following file types(bitcoin, pass.txt, passwords.txt, wallet.dat) and if it got matching file type it masks and sends them to C&C server.

Attackers used FIFA World Cup based domain fifa2018start[.]info/panel/tasks[.]php to hide their malicious network communication.

ESET researchers believe “the attack is related to 2015 attack, attackers were misusing ammyy.com to serve numerous malware families, changing them on an almost daily basis. In the 2018 case, ESET systems detected only Win32/Kasidet, however, the obfuscation of the payload changed on three occasions, probably to avoid detection by security products.”

Here you can find the analysis Analysis report and IoCs.

Also Read

Beware of FlawedAmmyy RAT that Steals Credentials and Record Audio Chat

Beware!! Google Map Vulnerability Allows an Attacker to Redirect Victims into Malicious Websites

Powerful APT Malware “Slingshot” Performs Highly Sophisticated Cyber Attack to Compromise Router

Website

Latest articles

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles