The build detected on the site on June 13 had two main goals: Win32/Kasidet is a bot that is sold in underground crime markets and is actively used by various cybercriminal groups. ESET advises all potential victims to take precautionary measures and use a reliable security product to scan and clean their devices.
#Ammyy admin user guide software
Users who downloaded software from in the aforementioned timeframe received more than just the requested software – part of the bundle was also a multipurpose Trojan and banking malware detected by ESET as Win32/Kasidet. Remote admin with Kasidet bot on the side The issue was first spotted by ESET researchers shortly after midnight on June 13 and persisted until the morning of June 14. Now history repeats itself and the site seems to be compromised again.
In October 2015, the website offering a free version of Ammyy Admin software started serving malicious code connected to the cybercrime group Buhtrap. It feels almost like traveling back in time.
To add an interesting twist to the incident, the attackers tried to hide their malicious activity behind the brand of the ongoing FIFA World Cup. Users who downloaded the free remote administration tool Ammyy Admin from its official website on June 13 or 14, beware!Īccording to ESET’s analysis, within that timeframe the website was compromised to serve a malware-tainted version of this otherwise legitimate software. Website altered to serve a malware-tainted version of otherwise legitimate software with the global event in Russia acting as a smokescreen
0 kommentar(er)
