acm-header
Sign In

Communications of the ACM

Home/News/PDF Smuggles Microsoft Word Doc to Drop Snake Keylogger.../Full Text
ACM TechNews

PDF Smuggles Microsoft Word Doc to Drop Snake Keylogger Malware

By BleepingComputer
May 31, 2022
Comments
View as: Print Mobile App Share:
Alert! icon on binary code background

Credit: Getty Images

Threat analysts at HP Wolf Security have discovered a recent malware distribution campaign that uses PDF attachments to transport Word documents with malicious macros.

The emailed PDF is named "Remittance Invoice," presumably promising payment to the recipient; when opened, Adobe Reader prompts the user to open a DOCX file contained within. The hackers named this document "has been verified," causing the Open File prompt to state, "The file 'has been verified.'" Opening the DOCX in Microsoft Word when macros are enabled will download and open a rich text format (RTF) file from a remote resource; the document tries to exploit an old Microsoft Equation Editor bug to run arbitrary code. The RTF's shellcode downloads and runs modular information-stealing Snake Keylogger malware.

From BleepingComputer
View Full Article

 

Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA

 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account