Riskware/RemoteAdmin
Analysis
Riskware/RemoteAdmin is a generic detection for riskware; the name is synonymous with Generic PUA or Generic PUP.
Because this is a generic detection, files detected as Riskware/RemoteAdmin may exhibit varying behaviour.
Below are some of the observed characteristics/behaviours:
- Files detected as Riskware/RemoteAdmin fall under the category of remote monitoring and management (RMM) software and are classified as grayware.
- These files may compromise or weaken a user's security by allowing remote monitoring and control of the user's system.
Outbreak Alert
An unauthenticated attacker can achieve Remote Code Execution (RCE) on a vulnerable PaperCut Application Server. According to the vendor, the flaw exists within the SetupCompleted class and can be exploited remotely without authentication. The PaperCut MF/NG Improper Access Control Vulnerability (CVE-2023-27350) has been seen exploited in the wild.
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
Product | Detection Availability
---|---
FortiGate |
FortiClient |
FortiAPS |
FortiAPU |
FortiMail |
FortiSandbox |
FortiWeb |
Web Application Firewall |
FortiIsolator |
FortiDeceptor |
FortiEDR |