
PDF smuggles Microsoft Word doc to drop Snake Keylogger malware
2022-05-22 16:15

Threat analysts have discovered a recent malware distribution campaign using PDF attachments to smuggle malicious Word documents that infect users with malware.

In a new report by HP Wolf Security, researchers illustrate how PDFs are being used as a transport for documents with malicious macros that download and install information-stealing malware on victims' machines.

Embedding Word in PDFs

In a campaign seen by HP Wolf Security, the PDF arriving via email is named "Remittance Invoice," and our guess is that the email body contains vague promises of payment to the recipient.

When the PDF is opened, Adobe Reader prompts the user to open a DOCX file contained inside, which is already unusual and might confuse the victim.

While malware analysts can inspect embedded files in PDFs using parsers and scripts, regular users who receive these tricky emails wouldn't go that far or even know where to start.
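As an illustration of the kind of script an analyst might use for this, the following added example (not from the HP Wolf Security report or the original article) scans raw PDF bytes for attachment and auto-action names, extracts each `/EmbeddedFile` stream, and identifies it by content. The function names and the sample built by `build_sample()` are constructed for this example; it reads only plain indirect objects and does not handle object streams, encryption, or hex-escaped names.

```python
import io, re, zipfile, zlib

# PDF name objects commonly counted during triage (attachments, automatic actions).
KEYWORDS = (b"/EmbeddedFile", b"/Filespec", b"/OpenAction", b"/JavaScript", b"/Launch")
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj(.*?)endobj", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)

def classify(payload):
    """Identify an extracted attachment by content, not by its claimed name."""
    if payload.startswith(b"PK\x03\x04"):
        try:
            names = zipfile.ZipFile(io.BytesIO(payload)).namelist()
        except zipfile.BadZipFile:
            return "zip (unreadable)"
        if "[Content_Types].xml" in names:
            return "docx" if any(n.startswith("word/") for n in names) else "ooxml"
        return "zip"
    if payload.startswith(b"{\\rtf"):
        return "rtf"
    return "ole2" if payload.startswith(b"\xd0\xcf\x11\xe0") else "unknown"

def triage_pdf(data):
    """Count risky names and classify every /EmbeddedFile stream in raw PDF bytes."""
    report = {"keywords": {k.decode(): data.count(k) for k in KEYWORDS}, "embedded": []}
    for num, _gen, body in OBJ_RE.findall(data):
        match = STREAM_RE.search(body)
        if b"/EmbeddedFile" not in body or not match:
            continue
        raw = match.group(1)
        if b"/FlateDecode" in body:
            try:  # decompressobj tolerates a trimmed trailing byte
                raw = zlib.decompressobj().decompress(raw)
            except zlib.error:
                pass  # leave the stream as-is; classify() will report "unknown"
        report["embedded"].append({"object": int(num), "size": len(raw), "type": classify(raw)})
    return report

def build_sample():
    """Constructed input: a minimal PDF-like file carrying a DOCX-shaped ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
    comp = zlib.compress(buf.getvalue())
    head = b"<< /Type /EmbeddedFile /Filter /FlateDecode /Length " + str(len(comp)).encode()
    return (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n2 0 obj\n"
            + head + b" >>\nstream\n" + comp + b"\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    print(triage_pdf(build_sample()))
```

A PDF attachment whose embedded stream classifies as `docx`, `ole2` or `rtf` is worth routing to sandbox analysis before it reaches a mailbox.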

Many may open the DOCX in Microsoft Word, and if macros are enabled, the document will download an RTF file from a remote resource and open it.


News URL

https://www.bleepingcomputer.com/news/security/pdf-smuggles-microsoft-word-doc-to-drop-snake-keylogger-malware/
