Unfortunately, there are some cases of malicious use of our software noticed. Please be attentive and never grant access to people you don't know personally or whom you don't trust.

!!! If you receive a phone call claiming to be from 'Microsoft' or someone claiming to work on their behalf, telling you that you have a virus on your computer or some errors which they will help you to fix via Ammyy Admin, it is definitely a scam. There also might be phone calls from people presenting themselves as internet service provider technicians or any other tech support specialists.

Ammyy Inc. is a legitimate software development company, we take the privacy and security of our customers and partners personal information very seriously. We are advising Ammyy Admin users to treat all unsolicited phone calls with skepticism and not to grant access to your PC to anyone you don't know personally. doesn't make these kinds of calls and never asks to download and launch Ammyy Admin.

"I got call from an India based consultant who said to me that he is calling from a govt. He made me to log into my computer to track some files and without advising me he wanted me to download a software application from and get remotely connected to a technician to delete some files."

"I was recently called by what I thought was my internet service provider technician who used Ammyy to gain remote access to my computer - after I stupidly granted him that permission. It turns out that he was nothing to do with my internet service provider. When I became suspicious and began questioning him he said he would show me who he was and opened a website of a company - the web site triggered my virus software and I then demanded that the remote access be terminated."

In case you received such type of phone call - hang up, do not let them have remote control access to your computer and never provide any of your credit card requisites.

If you got scammed (launched Ammyy Admin and granted access to your PC to a scammer and inputted your credit card requisites during the remote desktop connection session) please do the following:

1) Turn off your Internet connection, then turn off the PC and call your bank to freeze all your bank accounts.
2) Boot your PC in the safe mode and check it for viruses (it's possible the scammers had run their malicious hidden software)
3) If your Antivirus Software shows no warnings restart the PC and make sure Ammyy Admin Service isn't installed and doesn't run in automatic mode.
For this go to main window of Ammyy Admin -> Ammyy -> Service -> Remove.

If you're not sure you can manage the actions described above then just turn off your PC and address to a computer specialist you know or to a company that provides technical support.

Ammyy Admin software (if downloaded from itself doesn't bring any risk of data leakage or harm to your PC. It doesn't make any hidden manipulations with your files and folders. If you decide not to use Ammyy Admin just delete the exe file from your PC.

Copyright © 2017 Ammyy. All rights reserved.

Proofpoint researchers have discovered a previously undocumented remote access Trojan (RAT) called FlawedAmmyy that has been used since the beginning of 2016 in both highly targeted email attacks as well as massive, multi-million message campaigns. Narrow attacks targeted the Automotive industry among others, while the large malicious spam campaigns appear to be associated with threat actor TA505, an actor responsible for many large-scale attacks since at least 2014.

FlawedAmmyy Admin appeared most recently as the payload in massive email campaigns on March 5 and 6, 2018. The messages in these campaigns contained zipped .url attachments and both the messages and the delivery suggest they were sent by threat actor TA505, known for sending large-scale Dridex, Locky, and GlobeImposter campaigns, among others, over the last four years.

For example, on March 5, the messages were sent from addresses spoofing the recipient’s own domain with subjects such as “Receipt No 1234567” (random digits, and first word could also be “Bill” or “Invoice”) and matching attachments "Receipt 1234567.zip". Again, these were apparently random digits (Figure 1).

Figure 1: Sample email from March 5, 2018, Ammyy Admin malware campaign

The attachments were ZIP archives containing ".url" files with names such as "B123456789012.url". .url files are interpreted by Microsoft Windows as “Internet Shortcut” files, examples of which can be found in the “Favorites” folder on Windows operating systems.