A criminal gang recently found an effective way to spread malware that drains online bank accounts. According to a blog post published Monday, they bundled the malicious executable inside a file that installed a legitimate administrative tool available for download.
The legitimate tool is known as Ammyy Admin and is used to provide remote access to a computer so someone can work on it even when they don’t have physical access to it. According to Monday’s blog post, members of a criminal enterprise known as Lurk somehow managed to tamper with the Ammyy installer so that it surreptitiously installed a malicious spyware program in addition to the legitimate admin tool people expected.
