Security News > 2022 > May > PDF smuggles Microsoft Word doc to drop Snake Keylogger malware
Threat analysts have discovered a recent malware distribution campaign using PDF attachments to smuggle malicious Word documents that infect users with malware.
In a new report by HP Wolf Security, researchers illustrate how PDFs are being used as a transport for documents with malicious macros that download and install information-stealing malware on victim's machines.
Embedding Word in PDFs. In a campaign seen by HP Wolf Security, the PDF arriving via email is named "Remittance Invoice," and our guess is that the email body contains vague promises of payment to the recipient.
When the PDF is opened, Adobe Reader prompts the user to open a DOCX file contained inside, which is already unusual and might confuse the victim.
While malware analysts can inspect embedded files in PDFs using parsers and scripts, regular users who receive these tricky emails wouldn't go that far or even know where to start.
Many may open the DOCX in Microsoft Word, and if macros are enabled, will download an RTF file from a remote resource and open it.
News URL
Related news
- Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer (source)
- New Microsoft script updates Windows media with bootkit malware fixes (source)
- Microsoft says attackers use exposed ASP.NET keys to deploy malware (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- Microsoft spots XCSSET macOS malware variant used for crypto theft (source)
- Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics (source)