- Connects to the internet without permission
- Installs itself without permissions
- Slow Computer
- Slow internet connection
TeamSpy is a malware application which changes the legitimate TeamViewer application, remote access tool (RAT), into a tool enabling remote attackers control the machine. By using the corrupted TeamViewe 6, attackers can activate microphone, download or upload various files and manipulate the infected machine in other ways. The threat modifies its files so that it is not detected by the user or an anti-virus program and it is utilized to compromise sensitive systems and steal data from governmental agencies and private companies.
TeamSpy operations are supplemented by custom-built modules which enable attackers obtain such sensitive information as private keys and passwords, technical details of OS and BIOS, and information inputs. In order to record what data is stored on the PC, TeamSpy makes screenshot captures and tracks keystrokes. Moreover, the researchers have detected that in some cases, hand-draw icons are created whose purpose has not been defined yet.
It has been found that the attackers attempt to acquire such files as .doc, .xls, .mdb, .pdf, and .rtf, and files that may contain encryption keys and passwords. This is achieved by extending the functionality of TeamViewer with the help of a DLL hijacking exploit.
Different hints to the Russian language have been detected while analyzing the malware. Those traces are detected in the names of the tracking tools used to compromise computers. Moreover, it is known that there are two major servers such as politnews.org and bannetwork.org which are used by the attackers. They are believed to have been registered using fake IDs.
TeamSpy has been detected in different countries around the world; however, the countries which have been affected mostly include Russian and Ukraine.
In order to avoid unexpected malware attacks and protect data leaks, it is important to protect the computer, be it a personal one or an office computer. By implementing a reliable spyware removal tool which is regularly updated, you can safely use the computer and browse the Internet.
If you want to check what malicious programs are running within the system or want to remove the existing ones, use our spyware removal tool SpyHunter. With one click on the download button, you can acquire our free scanner which will easily scan the PC and identify all computer infections.