ClickOnce leveraged in new SideWinder APT attacks

Suspected Indian state-backed advanced persistent threat operation SideWinder has launched attacks involving a PDF and ClickOnce infection chain as part of a spear-phishing campaign against a New Delhi-based European embassy and various organizations in Bangladesh, Pakistan, and Sri Lanka, according to The Hacker News.

Malicious emails sent from a domain impersonating Pakistan's Ministry of Defense were used by SideWinder to distribute PDF files posing as official documents; each contains a button that supposedly downloads the latest Adobe Reader version, according to a report from Trellix researchers. Clicking the button instead retrieves a ClickOnce application that sideloads a malicious DLL while displaying a decoy PDF. That DLL then deploys ModuleInstaller, which in turn delivers the StealerBot malware.

"The consistent use of custom malware, such as ModuleInstaller and StealerBot, coupled with the clever exploitation of legitimate applications for side-loading, underscores SideWinder's commitment to sophisticated evasion techniques and espionage objectives," said Trellix.
