Buhtrap backdoor and ransomware distributed via major advertising platform

Criminal activities against accountants on the rise – Buhtrap and RTM still active. What better way to target accountants than to target them as they search the web, looking for documents pertinent to their job? This is just what has been happening for the past few months, where a group using two well-known backdoors — Buhtrap and RTM — …

Ammyy Admin compromised with malware again; World Cup used as cover

Website altered to serve a malware-tainted version of otherwise legitimate software with the global event in Russia acting as a smokescreen. Users who downloaded the free remote administration tool Ammyy Admin from its official website ammyy.com on June 13 or 14, beware! According to ESET’s analysis, within that timeframe the website was compromised to serve …

Crimeware: Malware and massive campaigns around the world

Within the world of IT security, one of the biggest concerns for companies and users is malicious code that can compromise their systems and/or information networks. This concern is not at all unfounded, as cases of malware and crimeware incidents are reported daily around the world. Indeed, the number of reports, detections and threats observed …

Operation Buhtrap malware distributed via ammyy.com

We noticed in late October that users visiting the Ammyy website to download the free version of its remote administrator software were being served a bundle containing not only the legitimate Remote Desktop Software Ammyy Admin, but also an NSIS (Nullsoft Scriptable Installation Software) installer ultimately intended to install the tools used by the Buhtrap …

Beware banking trojans and their nasty helpers

Banking trojans are rife, infecting thousands of users around the globe and helping cybercriminals gain illegal access to banking credentials and account information. But to do this, they often need assistance from an assortment of trojan downloaders, webinject files and the like. In this feature, we take a closer look at four especially severe examples. …