On June 30, 2016, Cyphort Labs discovered an infection via malvertising on the website trendystyleshop.com. According to Domain Tools, the site was registered in February 2016 under namecheap.com. What draw our interest to this infection is that it installs TeamViewer, a popular remote application tool which is widely used in enterprises. It makes sense for cyber criminals to use it because it is a good way to masquerade backdoor access as it blends with other users using the same app.