TeamBot Dropper Delivers Additional Malware

TeamBot is the name of a malware dropper that is used to deliver a number of additional threats.

Malware droppers usually operate by connecting to a command and control server controlled by the hackers, then downloading and "dropping" the final payload onto the victim system.

The TeamBot dropper has been spotted in the wild, distributed as an executable file named "Mika.exe" that weighs in at just 230 kilobytes. It has been used in campaigns to drop additional malicious tools, including several data stealers. Those include the RedLine infostealer, as well as Amadey and Socelars.

Those are all malicious tools of the infostealer variety, focusing on different but often overlapping facets of data theft. Data stealers can scrape login credentials, credit card numbers and cookies. Some of them also include keylogger functionality, allowing the malware operators to log and read every keypress made by the victim system's owner.

TeamBot was being distributed through malspam campaigns and was seen abusing the legitimate TeamViewer application to deploy on the victim system.

May 23, 2022