3/14/2018

Security Update: Was TeamViewer Hacked? Digital Edge Believes it was a Backdoor Dropped by Trojan.MulDrop6.39120

Digital Edge is committed to providing the highest levels of security within all the IT infrastructure environments under its care. In order to achieve this utmost goal for all of our clients, we continuously maintain vigilance both on the productive side of IT as well as on its destructive side. We thus send out news and security bulletins such as this one from time to time to ensure that our clients are informed and educated on any important developments in IT security and are fully aware of what we are doing to ensure that we and our clients are always at the Cutting and at the Digital Edge of technology.  

Our Analysis:

Even though the situation is still not clear, the Digital Edge Security Team sides with the security experts who blame a backdoor Trojan discovered in May 2016. The signature for the Trojan was added on 05/26/2016. The Trojan, BackDoor.TeamViewer.49, uses TeamViewer as its backdoor implementation and is delivered by Trojan.MulDrop6.39120 through an Adobe vulnerability. Although the Trojan is designed to hide the TeamViewer interface and use its functions in the background, we believe that a mutation of the virus (which uses advanced hiding techniques) can produce unpredictable effects on systems where TeamViewer is legitimately installed, causing the behaviour described by the users who reported the compromise.

The Trojan is delivered by Trojan.MulDrop6.39120, which was discovered in early May 2016. The dropper pretends to be an Adobe player upgrade and installs the BackDoor.TeamViewer.49 Trojan on the affected computer. The Trojan's main payload is injected into avicap32.dll. The virus uses base64 encoding and advanced techniques to hide its session from the user.

The Trojan adds itself to autorun so that it persists across reboots. Once activated, it can act as a remote access tool as well as a proxy that relays commands from the C&C server to other machines on the LAN.
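As an added triage example (not part of Digital Edge's bulletin or of any vendor tool), the following Python script screens loaded-module and autorun inventory records for the two indicators described above: an avicap32.dll that is not the Windows copy, and an autorun entry that launches TeamViewer from an unusual directory. It assumes the legitimate avicap32.dll lives only in the Windows system directories and that TeamViewer is installed under Program Files; the inventory records are constructed, not real telemetry.

```python
"""Screen host inventory records for the BackDoor.TeamViewer.49 indicators
described in the bulletin. Works on exported records, not on a live host."""
import ntpath
from typing import Iterable

# Assumption: the only legitimate locations of avicap32.dll are the Windows system dirs.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
# Assumption: a properly installed TeamViewer lives under Program Files.
TEAMVIEWER_DIRS = (r"c:\program files\teamviewer", r"c:\program files (x86)\teamviewer")


def _dir_of(path: str) -> str:
    """Lower-cased parent directory of a Windows path (works on any OS via ntpath)."""
    return ntpath.dirname(path).lower().rstrip("\\")


def _exe_of(command: str) -> str:
    """Extract the executable path from an autorun command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]


def suspicious_avicap(loaded_modules: Iterable[str]) -> list[str]:
    """Return avicap32.dll paths loaded from outside the Windows system directories."""
    return [p for p in loaded_modules
            if ntpath.basename(p).lower() == "avicap32.dll" and _dir_of(p) not in SYSTEM_DIRS]


def suspicious_autoruns(autoruns: Iterable[tuple[str, str]]) -> list[tuple[str, str]]:
    """Return (name, command) autorun entries that start TeamViewer from an unusual directory."""
    hits = []
    for name, command in autoruns:
        exe = _exe_of(command)
        if ntpath.basename(exe).lower() == "teamviewer.exe" and _dir_of(exe) not in TEAMVIEWER_DIRS:
            hits.append((name, command))
    return hits


# Constructed sample records: one clean host entry and one matching the bulletin's pattern.
SAMPLE_MODULES = [
    r"C:\Windows\System32\avicap32.dll",
    r"C:\Users\bob\AppData\Roaming\Adobe\avicap32.dll",
]
SAMPLE_AUTORUNS = [
    ("TeamViewer", r'"C:\Program Files\TeamViewer\TeamViewer.exe" /silent'),
    ("Adobe Update", r'"C:\Users\bob\AppData\Roaming\Adobe\TeamViewer.exe"'),
]

if __name__ == "__main__":
    print("avicap32.dll outside system dirs:", suspicious_avicap(SAMPLE_MODULES))
    print("TeamViewer autoruns outside install dir:", suspicious_autoruns(SAMPLE_AUTORUNS))
```

Feed it the output of a module listing and an autorun export from the host under investigation; any hit warrants a closer look at the flagged directory.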

Michael Petrov
Founder, Chief Executive Officer

Michael brings 20 years of experience as an information architect, optimization specialist and operations advisor. His experience includes extensive high-profile project expertise, such as mainframe and client-server integration for Mellon Bank, extranet systems for Sumitomo Bank, and architecture and processing workflow for the alternative investment division of US Bank.