A New Malware Uses Email PDFs to Target Victims


There is a new type of malware campaign on the scene. Researchers recently discovered attackers emailing malicious PDFs with embedded Word documents to deliver the Snake keylogger malware for Windows. The goal is to infect their victims’ PCs and steal information and sensitive data.

The malware campaign uses file-naming trickery to get victims to download a seemingly legitimate PDF from the internet. This is their back door into the victim’s computer and network.

According to threat analysts at HP’s Wolf Security, this latest strategy is unusual. Typically, cyber actors prefer Office formats like Word and Excel because they are more familiar to PC users.

What do the attacks look like when they occur?

In one case, the attacker sent an email with a PDF document attached that was titled “REMMITANCE INVOICE.pdf”. The PDF even contained an embedded Word document named “has been verified.”

Employees in a hurry assumed the verified text was legitimate and that the file was safe to open.
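For IT teams, a defender-side check for the pattern described above (a PDF carrying an embedded Word document). This is an added example, not code from the original post or from HP Wolf Security; the watch list, function names and sample bytes are assumptions constructed for illustration.

```python
import re

# PDF name tokens worth flagging on an inbound attachment (assumed watch list).
WATCHED = ("EmbeddedFile", "EmbeddedFiles", "Filespec", "OpenAction",
           "JavaScript", "Launch", "ObjStm")

NAME_RE = re.compile(rb"/([^\x00\t\n\f\r ()<>\[\]{}/%]+)")   # a PDF name token
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")                  # #XX escape in a name
FILENAME_RE = re.compile(rb"/U?F\s*\(((?:\\.|[^\\)])*)\)")   # /F (name) or /UF (name)

def decode_name(raw: bytes) -> str:
    """Undo #XX escapes so '/Embedded#46ile' is read as 'EmbeddedFile'."""
    return HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def triage_pdf(data: bytes) -> dict:
    """Scan raw PDF bytes and report embedded-file and auto-action markers."""
    counts = {}
    for m in NAME_RE.finditer(data):
        name = decode_name(m.group(1))
        if name in WATCHED:
            counts[name] = counts.get(name, 0) + 1
    files = [f.decode("latin-1") for f in FILENAME_RE.findall(data)]
    return {
        "names": counts,
        "embedded_filenames": files,
        "has_embedded_file": "EmbeddedFile" in counts or "EmbeddedFiles" in counts,
        # Objects packed in compressed object streams are invisible to a raw scan.
        "needs_deeper_parse": "ObjStm" in counts,
    }

# Constructed sample: a PDF fragment with one embedded document (file name and
# extension are made up for this example), one name written with a hex escape.
SAMPLE = (b"%PDF-1.7\n"
          b"1 0 obj\n<< /Type /Catalog /Names << /EmbeddedFiles 2 0 R >> >>\nendobj\n"
          b"3 0 obj\n<< /Type /Filespec /F (has been verified.docx) /EF << /F 4 0 R >> >>\nendobj\n"
          b"4 0 obj\n<< /Type /Embedded#46ile /Length 0 >>\nstream\n\nendstream\nendobj\n")

if __name__ == "__main__":
    print(triage_pdf(SAMPLE))
```

A hit on `has_embedded_file` is a reason to quarantine the attachment for review, not proof of malice; when `needs_deeper_parse` is set, a full PDF parser is needed because a raw byte scan can miss objects.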

How can I avoid this happening? Here are our 3 tips to avoid email phishing:

1. Always verify the sender. Even if a file says it has been “verified”, always confirm the sender by calling or emailing them directly. You can do this by checking to see if the sender’s email address is legitimate.

2. Be wary of all links sent via email. Always confirm the sender of a link before clicking. When in doubt, don’t click!

3. Confirm attachments before downloading. Just like with links, confirm an attachment is legitimate and verify the sender before downloading an attachment to your computer. As noted in the above example, downloading a malicious attachment can compromise your computer, and even your entire network.

4. Check the email message. Sometimes the clue to a phishing email is in the message itself. Does the message make sense? Were you expecting this email? If anything seems off, always verify the above three points.

If you are ever unsure of an email message, link or attachment you receive, check with the sender in person or by phone, if possible. If you think you may have been the victim of a phishing email attempt or attack, always contact your IT team ASAP or Clarity Technology Group, and we’d be happy to help.