23 April 19, 16:02
Quote:A new, targeted attack weaponizing TeamViewer has been uncovered which focuses on stealing financial information belonging to governmental and financial targets across Europe and beyond.
Researchers from Check Point said on Monday that the campaign is specifically targeting officials in government finance capacities and embassy representatives in Europe, alongside Nepal, Kenya, Liberia, Lebanon, Guyana, and Bermuda.
The infection vector begins with a typical phishing email containing a malicious attachment claiming to be a "Top Secret" document from the United States.
The email sent to potential victims contains the subject line "Military Financing Program" and the .XLSM document attached to the message has been crafted with a logo from the US Department of State in a bid to appear legitimate.
If a target downloads and opens the attachment, they are asked to enable macros -- a very common method employed by attackers to gain access to a victim system. Should they do so, two files are extracted -- a legitimate AutoHotkeyU32.exe program and a malicious TeamViewer DLL.
SOURCE: https://www.zdnet.com/article/trojanized...ss-europe/
![[-]](https://www.geeks.fyi/images/collapse.png)
