Riskware/RemoteAdmin

Analysis

Riskware/RemoteAdmin is a generic detection for riskware, synonymous with Generic PUA or Generic PUP. Because this is a generic detection, riskware detected as Riskware/RemoteAdmin may have varying behaviour.
Below are some of its observed characteristics/behaviours:

  • Files detected as Riskware/RemoteAdmin fall under the category of remote monitoring and management (RMM) software and are classified as grayware.

  • These files may compromise or weaken a user's security by allowing remote monitoring and control over a user's system.

Outbreak Alert

An unauthenticated attacker can perform Remote Code Execution (RCE) on a vulnerable PaperCut Application Server. According to the vendor, the specific flaw exists within the SetupCompleted class, and the RCE could be achieved remotely without authentication. The PaperCut MF/NG Improper Access Control Vulnerability (CVE-2023-27350) has been seen exploited in the wild.

Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Detection Availability

FortiGate
FortiClient
FortiAPS
FortiAPU
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2023-11-29 91.09265
2023-11-26 91.09151
2023-11-25 91.09142
2023-11-23 91.09082
2023-11-20 91.08976
2023-11-20 91.08967
2023-11-18 91.08905
2023-11-11 91.08706
2023-11-10 91.08666
2023-11-08 91.08616