
Hackers continue to show ingenuity in finding ways to compromise users' computers and deliver malware via PDF files.
Computer security researchers at HP Wolf Security have discovered a new malicious campaign centered on a simple PDF file that is used to deliver malware.
First, the threat actors send an email with a subject line requesting reimbursement for medical or other expenses. The goal is to make the victims believe they will get the money.
The email in question contains a PDF file as an attachment, in order to reassure the victim of its legitimacy, as Word or Excel files are generally considered suspicious by most people.
However, a Word document has been embedded in the PDF file. When the victim opens the PDF for the first time, they are asked to open this second document.
The result is malicious, because this file will in turn download Snake Keylogger, a serious piece of malware known as a “standard information thief with strong persistence, defense bypass, access to identification information, data collection and extraction”.
However, as the researchers point out, there is still one condition for the attack to succeed: it only works against endpoints that are vulnerable to a particular flaw, CVE-2017-11882.
This vulnerability, which was patched in November 2017, allows remote code execution via Equation Editor, a module that has since been removed. Unfortunately, many professional computers are still at the mercy of this flaw.
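A mail gateway or analyst can check a PDF attachment for the carrier pattern described above, a Word document embedded in the PDF, before it reaches a user. The following triage sketch is an added example, not code from HP Wolf Security or the original article; the name list, the extension list, the flag rule and the sample bytes are assumptions constructed for illustration.

```python
import re

# PDF name tokens worth counting during triage (assumed list, not from the article)
SUSPICIOUS_NAMES = ("EmbeddedFile", "EmbeddedFiles", "OpenAction", "Launch", "JavaScript")
# Office extensions treated as risky when carried inside a PDF (assumed list)
OFFICE_EXT = (".doc", ".docx", ".docm", ".rtf", ".xls", ".xlsx", ".xlsm")

def decode_name(raw: bytes) -> str:
    """Undo the #xx hex escapes PDF allows in names, e.g. Embedded#46ile."""
    fixed = re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), raw)
    return fixed.decode("latin-1")

def triage_pdf(data: bytes) -> dict:
    """Byte-level scan for embedded files and automatic actions in a PDF."""
    names = [decode_name(n) for n in re.findall(rb"/([A-Za-z0-9#]+)", data)]
    counts = {k: names.count(k) for k in SUSPICIOUS_NAMES}
    # File specification names appear as /F (name) or /UF (name)
    attached = [s.decode("latin-1") for s in re.findall(rb"/U?F\s*\(([^)]*)\)", data)]
    office = [a for a in attached if a.lower().endswith(OFFICE_EXT)]
    flag = bool(office) or (counts["EmbeddedFile"] > 0 and counts["OpenAction"] > 0)
    return {"counts": counts, "attachments": attached,
            "office_attachments": office, "flag": flag}

# Constructed sample: fragments of a PDF that embeds a Word document (not a real sample)
SAMPLE = (b"%PDF-1.7\n"
          b"1 0 obj << /Type /Catalog /Names << /EmbeddedFiles 2 0 R >>"
          b" /OpenAction 5 0 R >> endobj\n"
          b"3 0 obj << /Type /Filespec /F (reimbursement.docx)"
          b" /EF << /F 4 0 R >> >> endobj\n"
          b"4 0 obj << /Type /Embedded#46ile /Length 0 >> stream\nendstream endobj\n"
          b"%%EOF\n")
# Constructed sample: a PDF with no attachment and no automatic action
BENIGN = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF\n"

if __name__ == "__main__":
    for label, blob in (("sample", SAMPLE), ("benign", BENIGN)):
        result = triage_pdf(blob)
        print(label, "FLAG" if result["flag"] else "ok", result["office_attachments"])
```

A byte scan like this cannot see objects stored in compressed object streams or in encrypted PDFs, so a clean result is not proof that a file carries no attachment.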