TerraTV

TerraTV Description

TerraTV is one of the newly discovered tools recently added to what is known as the Golden Chickens (GC) Malware-as-a-Service (MaaS) scheme. This threatening tool is a custom DLL that cybercriminals employ to hijack legitimate TeamViewer applications.

Top-tier threat actors prefer to use the GC MaaS provider for their tailored attacks and other fraudulent activities, as the tools offered are highly flexible and resilient. Four TerraTV samples have been analyzed so far, and they have all been signed with legitimate certificates issued by Comodo/Sectigo to fake companies.

TerraTV was identified in 2018, while researchers analyzed certain cyberattacks against e-commerce merchants. The discovered corrupted TeamViewer component matched many of the already known features of MaaS infrastructure, and it appeared in several different variants.

TerraTV is installed on the victim's machine through a TerraLoader, which unpacks a legitimate TeamViewer client. After being executed, the TeamViewer client uses the "DLL Search Order Hijacking" technique to load the threatening TerraTV DLL. The malware then hijacks specific API calls to hide itself, so users do not realize they are being hacked. As a result, TerraTV steals access credentials and sends them to a hardcoded C2 server, and the hackers gain remote access to the compromised computer through a legitimate TeamViewer connection.
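A detection sketch for the load pattern described above, added here as an example and not taken from the original analysis: it scans image-load records (fields modelled on Sysmon Event ID 7) for a TeamViewer.exe that loads a DLL from its own folder that is not signed by the expected vendor, since a valid signature alone does not clear a TerraTV-style DLL. The signer names, standard install paths and sample events are assumptions constructed for illustration.

```python
import ntpath  # Windows path handling that works on any OS

# Assumptions: publisher names expected on genuine TeamViewer modules and the
# install directories used by managed deployments. Adjust both to your fleet.
EXPECTED_SIGNERS = {"TeamViewer Germany GmbH", "TeamViewer GmbH"}
STANDARD_DIRS = (r"c:\program files\teamviewer", r"c:\program files (x86)\teamviewer")

def suspicious_loads(events):
    """Return (dll_path, reasons) for DLLs that a TeamViewer.exe loaded from its
    own directory and that are unsigned or signed by an unexpected publisher."""
    findings = []
    for ev in events:
        image, loaded = ev["Image"], ev["ImageLoaded"]
        if ntpath.basename(image).lower() != "teamviewer.exe":
            continue
        exe_dir = ntpath.dirname(image).lower()
        if ntpath.dirname(loaded).lower() != exe_dir:
            continue  # loaded from elsewhere (e.g. System32), not side-by-side
        reasons = []
        if ev.get("Signed") != "true":
            reasons.append("unsigned")
        elif ev.get("Signature") not in EXPECTED_SIGNERS:
            # A valid certificate is not enough: compare the publisher name.
            reasons.append("unexpected publisher: %s" % ev.get("Signature"))
        if reasons:
            if not exe_dir.startswith(STANDARD_DIRS):
                reasons.append("client runs from non-standard directory")
            findings.append((loaded, reasons))
    return findings

# Constructed sample events (all paths, file names and publishers are made up).
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\TeamViewer\TeamViewer.exe",
     "ImageLoaded": r"C:\Program Files\TeamViewer\vendor_module.dll",
     "Signed": "true", "Signature": "TeamViewer Germany GmbH"},
    {"Image": r"C:\Users\alice\AppData\Roaming\tvhelper\TeamViewer.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "Signature": "Microsoft Windows"},
    {"Image": r"C:\Users\alice\AppData\Roaming\tvhelper\TeamViewer.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Roaming\tvhelper\example_sideloaded.dll",
     "Signed": "true", "Signature": "Example Trading Ltd"},
]

if __name__ == "__main__":
    for dll, reasons in suspicious_loads(SAMPLE_EVENTS):
        print(dll, "->", "; ".join(reasons))
```

Only the third sample event is reported: the DLL sits beside the executable, carries a valid signature from a publisher that is not the expected vendor, and the client runs from a user-profile directory.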
