Cybersecurity researchers from HP Wolf Security have spotted a new cybercrime campaign that leverages PDF files to try and distribute the Snake Keylogger onto vulnerable endpoints.
According to the researchers, the threat actors first send an email with the subject line “Remittance Invoice”, to trick the victims into thinking they are about to be paid for something.
The email carries an attached PDF file, likely chosen to reassure the victim of the email’s legitimacy, since Word and Excel attachments are more readily treated as suspicious.
[HEADING=1]Abusing a known flaw[/HEADING]
However, a Word document named “has been verified” is embedded within the PDF. When the victim opens the attachment, the PDF reader shows its prompt asking whether to open the embedded file, and because that prompt inserts the file name into its warning text, it reads: “The file ‘has been verified’ However PDF, jpeg, xlsx, docx files may contain programs, macros, or viruses.”
This might trick the victim into believing their PDF reader has scanned the file and that it is safe to open.
As expected, the Word file carries a macro that, if enabled, downloads a rich text format (RTF) file from a remote server and opens it. That RTF file in turn tries to fetch the Snake Keylogger, malware that BleepingComputer describes as a “modular info-stealer with powerful persistence, defense evasion, credential access, data harvesting, and data exfiltration capabilities”.
The target endpoints still need to be vulnerable to a specific flaw for the attack to succeed. The researchers found that the attackers try to leverage CVE-2017-11882, a remote code execution bug in Microsoft Office’s Equation Editor (EQNEDT32.EXE), the kind of flaw an RTF document can trigger through an embedded OLE object.
The flaw was patched in November 2017, but not every administrator keeps Microsoft Office, as opposed to just the operating system, up to date. It was reportedly one of the most exploited vulnerabilities of 2018, because organizations and consumers were slow to apply the patch.
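The chain described above leaves two artifacts a defender can check offline before anyone opens them: a PDF whose real payload is an embedded Office document (with a file name chosen to read well in the reader's prompt), and an RTF whose embedded OLE object targets Equation Editor, the component CVE-2017-11882 lives in. The following Python script is an added example, not code from HP Wolf Security or BleepingComputer; the sample PDF and RTF bytes it builds are constructed stand-ins for the lure rather than the campaign's real files, and the function names are this example's own. The Equation Editor ProgID ("Equation.3") and CLSID are the genuine ones, but the checks are regex-based indicators, not full PDF or RTF parsers.

```python
import binascii
import re
import zlib

# Equation Editor 3.0 ("Equation.3") class id {0002CE02-0000-0000-C000-000000000046}
# in the byte order an OLE compound file stores it (Data1..Data3 little-endian).
EQNEDT_CLSID = bytes.fromhex("02CE020000000000C000000000000046")

# Magic bytes of the attachment types worth flagging inside a PDF.
OFFICE_MAGIC = (
    (b"PK\x03\x04", "OOXML (docx/xlsx/pptx)"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 (doc/xls/ppt)"),
    (b"{\\rtf", "RTF"),
)

def _pdf_string(token: bytes) -> str:
    """Decode a PDF literal (...) or hex <...> string object to text."""
    if token.startswith(b"<"):
        return binascii.unhexlify(re.sub(rb"\s", b"", token[1:-1])).decode("latin-1")
    return re.sub(rb"\\([()\\])", rb"\1", token[1:-1]).decode("latin-1")

def _stream_type(pdf: bytes, objnum: int):
    """Locate '<objnum> <gen> obj ... stream', inflate it if needed, classify by magic."""
    m = re.search(rb"(?<!\d)%d\s+\d+\s+obj\s*<<(.*?)>>\s*stream\r?\n" % objnum, pdf, re.S)
    if not m:
        return None
    data = pdf[m.end():pdf.find(b"endstream", m.end())]
    if b"/FlateDecode" in m.group(1):  # attachments are normally compressed: a plain grep for "PK" misses them
        try:
            data = zlib.decompressobj().decompress(data)  # tolerates the EOL before endstream
        except zlib.error:
            return "undecodable"
    return next((label for magic, label in OFFICE_MAGIC if data.startswith(magic)), "other")

def pdf_embedded_files(pdf: bytes) -> list:
    """One record per /Filespec: the name the reader's prompt will display and the type
    of the attached stream. Objects are found by regex rather than through the xref
    table, so malformed-but-openable PDFs are still covered."""
    records = []
    for spec in re.finditer(rb"/Type\s*/Filespec(.*?)endobj", pdf, re.S):
        body = spec.group(1)
        name = re.search(rb"/(?:UF|F)\s*(\((?:\\.|[^)])*\)|<[0-9A-Fa-f\s]*>)", body)
        ef = re.search(rb"/EF\s*<<\s*/(?:UF|F)\s*(\d+)\s+\d+\s+R", body)
        records.append({
            "name": _pdf_string(name.group(1)) if name else "",
            "type": _stream_type(pdf, int(ef.group(1))) if ef else None,
        })
    return records

def rtf_equation_objects(rtf: bytes) -> list:
    """Decode each \\objdata hex blob and report whether it carries an Equation Editor
    object by ProgID (OLE1 header) or by CLSID (OLE2 directory entry)."""
    hits = []
    for m in re.finditer(rb"\\objdata\b(.*?)(?=[{}\\])", rtf, re.S):
        hexdata = re.sub(rb"\s", b"", m.group(1))  # samples wrap the hex over many lines
        try:
            blob = binascii.unhexlify(hexdata[:len(hexdata) // 2 * 2])
        except binascii.Error:
            continue
        hits.append({"progid": b"Equation.3" in blob, "clsid": EQNEDT_CLSID in blob, "size": len(blob)})
    return hits

def rtf_is_suspicious(rtf: bytes) -> bool:
    """Indicator, not proof: real samples also hide the object behind odd spellings and
    junk control words, so a miss here is not a clean bill of health."""
    declared = re.search(rb"\\objclass\s*Equation\.3", rtf, re.I) is not None
    return declared or any(h["progid"] or h["clsid"] for h in rtf_equation_objects(rtf))

def _sample_pdf() -> bytes:
    """Constructed stand-in for the lure: a PDF whose only attachment is a DOCX (zip)
    named 'has been verified', stored FlateDecode-compressed as a writer would emit it."""
    docx = zlib.compress(b"PK\x03\x04" + b"\x00" * 26 + b"[Content_Types].xml" + b"\x00" * 40)
    head = (b"%PDF-1.7\n"
            b"1 0 obj << /Type /Catalog /Names << /EmbeddedFiles 2 0 R >> >> endobj\n"
            b"2 0 obj << /Names [(has been verified) 3 0 R] >> endobj\n"
            b"3 0 obj << /Type /Filespec /F (has been verified) /UF (has been verified)"
            b" /EF << /F 4 0 R >> >> endobj\n"
            b"4 0 obj << /Type /EmbeddedFile /Filter /FlateDecode /Length ")
    return (head + str(len(docx)).encode() + b" >>\nstream\n" + docx
            + b"\nendstream\nendobj\ntrailer << /Root 1 0 R >>\n%%EOF\n")

def _sample_rtf() -> bytes:
    """Constructed stand-in for the downloaded RTF stage: one embedded object whose OLE1
    header (version, format id, class name) names Equation.3 and whose payload carries
    the Equation Editor CLSID. A detector skeleton, not an exploit."""
    ole1 = b"\x01\x05\x00\x00" + b"\x02\x00\x00\x00" + b"\x0b\x00\x00\x00" + b"Equation.3\x00"
    ole2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8 + EQNEDT_CLSID + b"\x00" * 16
    hexblob = binascii.hexlify(ole1 + ole2)
    wrapped = b"\n".join(hexblob[i:i + 32] for i in range(0, len(hexblob), 32))
    return (b"{\\rtf1\\ansi\n{\\object\\objemb{\\*\\objclass Equation.3}"
            b"{\\*\\objdata " + wrapped + b"}}\\par}")

if __name__ == "__main__":
    for rec in pdf_embedded_files(_sample_pdf()):
        print("PDF attachment %r -> %s" % (rec["name"], rec["type"]))
    print("RTF targets Equation Editor:", rtf_is_suspicious(_sample_rtf()))
```

Running the script prints the findings for both constructed samples. On real mail, feed the raw PDF bytes to `pdf_embedded_files()` and any RTF the macro fetches to `rtf_is_suspicious()`; a PDF whose only content is an embedded DOCX, or an RTF carrying an Equation.3 object, deserves quarantine whatever its file name says.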
Via: BleepingComputer