Security News > 2022 > May > Snake Keylogger Spreads Through Malicious PDFs
While most malicious e-mail campaigns use Word documents to hide and spread malware, a recently discovered campaign uses a malicious PDF file and a 22-year-old Office bug to propagate the Snake Keylogger malware, researchers have found.
"While Office formats remain popular, this campaign shows how attackers are also using weaponized PDF documents to infect systems," HP Wolf Security researcher Patrick Schlapfer wrote in the post, which opined in the headline that "PDF Malware Is Not Yet Dead."Indeed, attackers using malicious email campaigns have preferred to package malware in Microsoft Office file formats, particularly Word and Excel, for the past decade, Schlapfer said.
Still, while the new campaign does use PDF in the file lure, it later employs Microsoft Word to deliver the ultimate payload-the Snake Keylogger, researchers found.
The HPW Wolf Security team noticed a new PDF-based threat campaign on March 23 with an "Unusual infection chain," involving not just a PDF but also "Several tricks to evade detection, such as embedding malicious files, loading remotely-hosted exploits and shellcode encryption," Schlapfer wrote.
If someone opens the file, Adobe Reader prompts the user to open a.docx file with a rather curious name, researchers found.
The.docx file is stored as an EmbeddedFile object within the PDF, which opens Microsoft Word if clicked on, researchers found.