Malicious PDF attachments used to spread Snake Keylogger malware
Threat actors have been leveraging malicious PDF attachments to facilitate the distribution of the Snake Keylogger malware, according to BleepingComputer.
The malware campaign begins with an email carrying a PDF file dubbed "Remittance Invoice," which, when opened, triggers Adobe Reader to open an attached DOCX file, an HP Wolf Security report showed. Because attackers named the document "has been verified," recipients may be deceived into believing that Adobe has marked the file as safe. Opening the DOCX in Microsoft Word may then prompt the download and opening of an RTF file dubbed "f_document_shp.doc" if macros are enabled.
Researchers found malformed OLE objects embedded in the RTF document, placed there in an effort to bypass detection and analysis. The shellcode deployed by the document also exploits a remote code execution vulnerability in Equation Editor, tracked as CVE-2017-11882, to execute arbitrary code.
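For mail-gateway or analyst triage of the first stage described above, the following added example (not code from HP Wolf Security or BleepingComputer) statically flags PDFs that carry an embedded file together with an automatic action and reports the attachment names a recipient would see in the open prompt. It assumes the auto-open behaviour appears as one of the standard PDF action keys listed in `AUTO_KEYS`; it is a byte-level heuristic that does not look inside compressed object streams, and the sample PDF fragment is constructed.

```python
import re

_END = rb"\x00\s()<>\[\]{}/%"            # bytes that terminate a PDF name token
_NAME = re.compile(rb"/[^" + _END + rb"]+")
_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")
# Assumption: auto-open behaviour shows up as one of these standard action keys.
AUTO_KEYS = (b"/OpenAction", b"/AA", b"/Launch", b"/JavaScript")

def decode_names(data: bytes) -> bytes:
    """Undo #xx escapes inside name tokens (/Embedded#46ile -> /EmbeddedFile)."""
    unhex = lambda m: bytes([int(m.group(1), 16)])
    return _NAME.sub(lambda m: _ESC.sub(unhex, m.group(0)), data)

def count_name(data: bytes, name: bytes) -> int:
    """Count whole names only, so /EmbeddedFile does not match /EmbeddedFiles."""
    return len(re.findall(re.escape(name) + rb"(?![^" + _END + rb"])", data))

def attachment_names(data: bytes) -> list:
    """File names from /F and /UF entries, as literal (...) or hex <...> strings."""
    names = [n.decode("latin-1")
             for n in re.findall(rb"/U?F\s*\(((?:\\.|[^\\()])*)\)", data)]
    for h in re.findall(rb"/U?F\s*<([0-9A-Fa-f\s]+)>", data):
        digits = b"".join(h.split())
        raw = bytes.fromhex((digits + b"0" * (len(digits) % 2)).decode("ascii"))
        names.append(raw[2:].decode("utf-16-be", "replace")
                     if raw[:2] == b"\xfe\xff" else raw.decode("latin-1"))
    return names

def triage(pdf: bytes) -> dict:
    data = decode_names(pdf)
    embedded = count_name(data, b"/EmbeddedFile")
    names = attachment_names(data)
    auto = [k.decode() for k in AUTO_KEYS if count_name(data, k)]
    return {
        "embedded_files": embedded,
        "names": names,
        "auto_actions": auto,
        # Heuristic: a multi-word "file name" reads as a sentence in the open prompt.
        "sentence_like_names": [n for n in names if len(n.split()) >= 3],
        "review": bool(embedded and auto),
    }

# Constructed sample, not taken from the campaign.
SAMPLE = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /OpenAction 4 0 R /Names << /EmbeddedFiles 2 0 R >> >> endobj\n"
    b"3 0 obj << /Type /Filespec /F (has been verified) /EF << /F 5 0 R >> >> endobj\n"
    b"5 0 obj << /Type /Embedded#46ile /Length 4 >> stream\nPK\x03\x04\nendstream endobj\n"
)
```

Calling `triage(SAMPLE)` returns `review: True` with the attachment name listed; a plain keyword search for `/EmbeddedFile` on the raw bytes misses the escaped name, which is why names are decoded first.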