Jump to content

AteraAgent detection


miekiemoes

Recommended Posts

  • Staff

The recently disclosed vulnerability in PaperCut MF/NG (here), has caused an uptick in attacks abusing PaperCut to install Atera, a legitimate RemoteAdmin tool, in order to attack and breach companies.

As soon as we learned about this latest attack wave, we added detection for the Atera agent installer as RiskWare.RemoteAdmin.Atera, like some other antivirus companies have done. However, given the large install-base of Atera products, we have decided to remove the file detection for now, and have added web-blocks for the rogue Atera distribution sites.

If you use PaperCut in your computers, we strongly recommended to patch your installations of PaperCut MF/MG: https://www.papercut.com/kb/Main/PO-1216-and-PO-1219

For Malwarebytes users wanting to protect more generically against this and other vulnerabilities in PaperCut, you can add a custom exploit shield for PaperCut:
Protection Settings -> Anti-Exploit -> Manage protected applications -> Add ->
            App Name = Papercut
            App File = pc-app.exe
            Program type = MS Office

We will continue monitoring the situation and update this post with new guidance or actions taken.

image.png.6f447015ec36293aa8eba06b0329d1aa.png

 

 

Edited by pbust
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.