TeamTNT’s New Tools Target Multiple OS

silversurfer

The TeamTNT malware pushers have a slew of new toys with which to wreak havoc – multiple shell/batch scripts, open-source tools, a cryptocurrency miner, an IRC and more – that have inflicted more than 5,000 infections globally as antivirus (AV) tools struggle to catch up with the newest malware.

Earlier today, on Wednesday, cybersecurity researchers from AT&T Alien Labs published a report on the group’s latest campaign, dubbed Chimaera. The threat group is carpet-bombing multiple operating systems and applications with its new kit.

According to Alien Labs, infection statistics on the command-and-control (C2) server used in Chimaera suggest that TeamTNT has been running the campaign for about 1.5 months, since July 25. Unfortunately, all of these new tools mean that AV products, for the most part, aren’t detecting the malware yet. “As of August 30, 2021, many malware samples still have zero antivirus detections and others have low detection rates,” according to the report.

In other words, the Chimaera campaign has largely gone unimpeded as it’s infiltrated victims’ networks, using its new, open-source tools to steal usernames and passwords from infected machines and target a range of operating systems. Alien Labs said that the Chimaera campaign has a similar focus to older TeamTNT campaigns: Namely, “stealing cloud systems credentials, using infected systems for cryptocurrency mining, and abusing victims’ machines to search and spread to other vulnerable systems.”
 
