The FlawedAmmyy Remote Access Trojan was created from the leaked source code of the Ammyy Admin remote desktop software. It can steal files and credentials, install other malware, and give the attacker use of the many functions of the Ammyy Admin software, including remote desktop control, file manager, proxy support and chat functionality.
The organisation behind the attacks is thought to be TA505, a prolific hacking group that has been active since 2014 and has previously targeted victims in wide-ranging campaigns using the Dridex banking trojan, Locky ransomware, Jaff ransomware, and more.
This trojan gives victims no major indication that their computer has been infected. To avoid infection, users should not click on unexpected and strange links, especially from unknown senders.
Microsoft Windows – All versions