Security News > 2022 > May > PDF smuggles Microsoft Word doc to drop Snake Keylogger malware
Threat analysts have discovered a recent malware distribution campaign using PDF attachments to smuggle malicious Word documents that infect users with malware.
In a new report by HP Wolf Security, researchers illustrate how PDFs are being used as a transport for documents with malicious macros that download and install information-stealing malware on victim's machines.
Embedding Word in PDFs. In a campaign seen by HP Wolf Security, the PDF arriving via email is named "Remittance Invoice," and our guess is that the email body contains vague promises of payment to the recipient.
When the PDF is opened, Adobe Reader prompts the user to open a DOCX file contained inside, which is already unusual and might confuse the victim.
While malware analysts can inspect embedded files in PDFs using parsers and scripts, regular users who receive these tricky emails wouldn't go that far or even know where to start.
Many may open the DOCX in Microsoft Word, and if macros are enabled, will download an RTF file from a remote resource and open it.
News URL
Related news
- Keyloggers, spyware, and stealers dominate SMB malware detections (source)
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- GitHub comments abused to push malware via Microsoft repo URLs (source)