Categories: Computer Security

Ammyy Admin Compromised – Beware If You Downloaded Ammyy Admin Between June 13 or 14

Attackers compromised the official website of Ammyy Admin and made to serve a malicious version of Ammyy Admin instead of the legitimate one and use FIFA World Cup trend to hide their malicious activity.

It appears the infected file served from the legitimate site between June 13 or 14, like the October 2015 incidents where the Ammyy Admin served with malicious codes linked with cybercrime group Buhtrap.

Security researches from ESET spotted the issue on June 13 midnight and it as was notified Ammyy.

Ammyy Admin and Kasidet bot

Users who download the Ammyy Admin between June 13 or 14 also received a multipurpose Trojan and banking malware dubbed Kasidet bot.

Kasidet bot sold in various underground hacking forums and it was detected with the Ammyy[.]com between June 13 or 14.

It is capable of stealing files that contains password and data related to cryptocurrency wallets and accounts of the victims. It looks for the following file types(bitcoin, pass.txt, passwords.txt, wallet.dat) and if it got matching file type it masks and sends them to C&C server.

Attackers used FIFA World Cup based domain fifa2018start[.]info/panel/tasks[.]php to hide their malicious network communication.

ESET researchers believe “the attack is related to 2015 attack, attackers were misusing ammyy.com to serve numerous malware families, changing them on an almost daily basis. In the 2018 case, ESET systems detected only Win32/Kasidet, however, the obfuscation of the payload changed on three occasions, probably to avoid detection by security products.”

Here you can find the analysis Analysis report and IoCs.

Also Read

Beware of FlawedAmmyy RAT that Steals Credentials and Record Audio Chat

Beware!! Google Map Vulnerability Allows an Attacker to Redirect Victims into Malicious Websites

Powerful APT Malware “Slingshot” Performs Highly Sophisticated Cyber Attack to Compromise Router

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Pathfinder AI – Hunters Announces New AI Capabilities for Smarter SOC Automation

Pathfinder AI expands Hunters' vision for AI-driven SOCs, introducing Agentic AI for autonomous investigation and…

3 hours ago

Google Secretly Tracks Android Devices Even Without User-Opened Apps

A recent technical study conducted by researchers at Trinity College Dublin has revealed that Google…

4 hours ago

LLMjacking – Hackers Abuse GenAI With AWS NHIs to Hijack Cloud LLMs

In a concerning development, cybercriminals are increasingly targeting cloud-based generative AI (GenAI) services in a…

4 hours ago

Microsoft Strengthens Trust Boundary for VBS Enclaves

Microsoft has introduced a series of technical recommendations to bolster the security of Virtualization-Based Security…

5 hours ago

Hackers Exploiting Business Relationships to Attack Arab Emirates Aviation Sector

A sophisticated cyber espionage campaign targeting the aviation and satellite communications sectors in the United…

5 hours ago

Microsoft Removing DES Encryption from Windows 11 24H2 and Windows Server 2025″

Microsoft has announced the removal of the Data Encryption Standard (DES) encryption algorithm from Kerberos…

5 hours ago