Hackers Compromising Windows IIS Servers To Spread TeamViewer Malware

Threat actors are compromising Windows IIS servers to add expired-certificate notification pages that bait users into downloading a fake installer.

The downloaded malware is signed with a DigiCert certificate, and the payload it drops is TVRAT, malware that allows threat actors to gain full control over the system.

The malware installs TeamViewer software and then communicates with its command-and-control (C&C) server to let the attackers know that the system has been compromised.


