TookPS distributed under the guise of UltraViewer, AutoCAD, and Ableton

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

A malware campaign is distributing the TookPS downloader by impersonating popular software like UltraViewer, AutoCAD, SketchUp, Ableton, and Quicken. The malware establishes an SSH tunnel for remote access and deploys additional payloads like TeviRat and Lapmon backdoors. The attackers gain full system control through various methods. The campaign targets both individuals and organizations, using domains registered in early 2024. Users are advised to avoid downloading pirated software, while organizations should implement strict security policies and conduct regular awareness training.

OPENCTI LABELS:

backdoor, downloader, remote access, tookps, lapmon, ssh tunnel, tevirat, software impersonation

