Communications of the ACM
PDF Smuggles Microsoft Word Doc to Drop Snake Keylogger Malware
Credit: Getty Images
Threat analysts at HP Wolf Security have discovered a recent malware distribution campaign that uses PDF attachments to transport Word documents with malicious macros.
The emailed PDF is named "Remittance Invoice," presumably promising payment to the recipient; when opened, Adobe Reader prompts the user to open a DOCX file contained within. The hackers named this document "has been verified," causing the Open File prompt to state, "The file 'has been verified.'" Opening the DOCX in Microsoft Word when macros are enabled will download and open a rich text format (RTF) file from a remote resource; the document tries to exploit an old Microsoft Equation Editor bug to run arbitrary code. The RTF's shellcode downloads and runs modular information-stealing Snake Keylogger malware.
From BleepingComputer
View Full Article
Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA
No entries found