Digging into the site revealed other malware connected to that particular URL, such as the trojan CoinSteal and another information stealer and malware dropper called Fareit. This could hint at a bigger operational campaign of trojan spyware.
Updated with statement from TeamViewer:
Prevention and Solution
This type of TeamViewer misuse is not new. Malware developers have been known to use the tool to deliver backdoors and keyloggers in a similar way as far back as 2016. We saw that the tool was trojanized by adding a malicious DLL to a legitimate version to be loaded onto a victim’s device. In 2017, a published report also showed how TeamViewer was being used to control an infected machine, not merely as a malware loader.
Given the possibilities of abuse and the recent schemes to deliver malware disguised as legitimate software, users should secure their endpoints with multilayered protection.
The following Trend Micro products can protect users from this threat:
Trend Micro™ Security, Smart Protection Suites
The malware described in this article is not the official TeamViewer software. It is a modified, pirated version of the software. It is strongly recommended to download the software only from the official TeamViewer website. Obtaining software from a reputable source is the best way to protect against threats like the trojan spyware described here. TeamViewer recommends to always use the latest version of its software in order to benefit from the latest security precautions.
Indicators of Compromise
With additional insights from Raphael Centeno and Patrick Roderno
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.