Sign In

Communications of the ACM

ACM TechNews

PDF Smuggles Microsoft Word Doc to Drop Snake Keylogger Malware

Alert! icon on binary code background

Credit: Getty Images

Threat analysts at HP Wolf Security have discovered a recent malware distribution campaign that uses PDF attachments to transport Word documents with malicious macros.

The emailed PDF is named "Remittance Invoice," presumably promising payment to the recipient; when opened, Adobe Reader prompts the user to open a DOCX file contained within. The hackers named this document "has been verified," causing the Open File prompt to state, "The file 'has been verified.'" Opening the DOCX in Microsoft Word when macros are enabled will download and open a rich text format (RTF) file from a remote resource; the document tries to exploit an old Microsoft Equation Editor bug to run arbitrary code. The RTF's shellcode downloads and runs modular information-stealing Snake Keylogger malware.

From BleepingComputer
View Full Article


Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA


No entries found