MOSCOW—Cybercriminals are silently spreading banking Trojans by bundling them with legitimate downloads of the remote-access tool Ammyy Admin, according to a report in BankInfoSecurity.com.
Citing Kaspersky Lab researchers, the publication said the growing threat points to the need for organizations to restrict the administrative privileges of employees who are also able to download and install remote-access tools or other software.
"There is no problem with detecting the malware," Vasily Berdnikov, a security expert at Kaspersky, told the publication. "The problem is that, in this case, the malware came packed with legitimate software. The thinking behind this strategy is simple: Criminals expect that the system administrator will simply ignore the warning from the security solution, because he will be sure that he is downloading legitimate software from the legitimate source."
Berdnikov said this is the first time Kaspersky's researchers have seen a criminal group hide malware inside a legitimate remote-access tool.
"We've never seen financially motivated criminals using this method," he told BankInfoSecurity.com. "Although there were attacks when legitimate software was Trojanized on its way to the user, these attacks were publicly attributed to a nation-state actor."
Defending against such attacks requires several security strategies, Steven Grossman, a vice president at security firm Bay Dynamics, told the publication.
"In addition to highlighting the need for endpoint protection, it especially highlights the need to lock down administrative access to users' machines, so that they cannot download and install unapproved software," Grossman said. "That one simple step prevents a whole host of security problems, including the installation of many, though not all, malicious software applications. It also points to monitoring user activities and identifying when their behavior changes, which is often an indicator of a compromised account."
