
TeamBot Dropper

Cybersecurity researchers have caught an attack campaign that uses a new dropper malware named TeamBot. Droppers are typically small malware threats that are deployed in the initial stages of an infection. Their role is to establish a foothold within the breached system before fetching and executing the far more threatening next-stage payloads. Details about TeamBot and the associated malicious operations were revealed in a report by security researchers.

According to their findings, TeamBot was used in attacks against a narrow set of victims, described as individuals connected to embassies or governmental financial bodies from several European countries. The researchers have also identified several different malware threats being delivered to the victims' devices via TeamBot. In general, all of the threats (Amadey, LokiBot, RedLine, and Socelars) belong to the keylogger category. This makes data theft and cyber espionage the likely goals of the attackers.

The delivery of TeamBot begins with a spam email campaign carrying malicious file attachments. The poisoned attachments were presented in the emails as containing top-secret US documents. If the target opened the file, the harmful code hidden inside it was triggered. At this stage, the cybercriminals exploited the legitimate TeamViewer program to establish remote access to the device.

