TeamTNT’s New Tools Target Multiple OS


Level 84
Thread author
Top poster
Content Creator
Malware Hunter
Aug 17, 2014
The TeamTNT malware pushers have a slew of new toys with which to wreak havoc – multiple shell/batch scripts, open-source tools, a cryptocurrency miner, an IRC and more – that have inflicted more than 5,000 infections globally as antivirus (AV) tools struggle to catch up with the newest malware.

Earlier today, on Wednesday, cybersecurity researchers from AT&T Alien Labs published a report on the group’s latest campaign, dubbed Chimaera. The threat group is carpet-bombing multiple operating systems and applications with its new kit.

According to Alien Labs, infection statistics on the command-and-control (C2) server used in Chimaera suggest that TeamTNT has been running the campaign for about 1.5 months, since July 25. Unfortunately, all of these new tools mean that AV products, for the most part, aren’t detecting the malware yet. “As of August 30, 2021, many malware samples still have zero antivirus detections and others have low detection rates,” according to the report.

In other words, the Chimaera campaign has largely gone unimpeded as it’s infiltrated victims’ networks, using its new, open-source tools to steal usernames and passwords from infected machines and target a range of operating systems. Alien Labs said that the Chimaera campaign has a similar focus to older TeamTNT campaigns: Namely, “stealing cloud systems credentials, using infected systems for cryptocurrency mining, and abusing victims’ machines to search and spread to other vulnerable systems.”