Malicious PDF attachments used to spread Snake Keylogger malware

Threat actors are using malicious PDF attachments to distribute the Snake Keylogger malware, BleepingComputer reports. According to an HP Wolf Security report, the campaign begins with an email carrying a PDF named "Remittance Invoice." Opening it prompts Adobe Reader to launch a DOCX file embedded in the PDF, and Reader's confirmation dialog shows the embedded file's name; because the attackers named that document "has been verified," the prompt reads as though Adobe has vouched for the file, and recipients may be misled into believing it is safe. If the DOCX is then opened in Microsoft Word with macros enabled, it downloads and opens an RTF file named "f_document_shp.doc." Researchers found that the RTF contains deliberately malformed OLE objects, intended to evade detection and frustrate analysis, and that it exploits CVE-2017-11882, a remote code execution vulnerability in Microsoft's Equation Editor, to run embedded shellcode and give the attackers arbitrary code execution on the victim's machine.
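Both stages of this chain leave static fingerprints that can be checked before any file is opened. The following is an added example, not code from the HP Wolf Security report, BleepingComputer or SC Media: a Python script that lists the files a PDF attaches through /Filespec dictionaries (the mechanism by which a PDF carries a DOCX for Reader to hand off) and inspects an RTF for an embedded OLE object whose class name or CLSID identifies Equation Editor, tolerating junk inside \objdata in the way Word's lenient parser does, so that malformed objects still get decoded. The PDF and RTF byte strings are constructed here for illustration and reuse the file names given in the article; the Equation.3 CLSID is the real one. Nothing here reproduces the actual samples.

```python
"""Static triage for a PDF -> embedded DOCX -> RTF -> Equation Editor chain.

Added example; the PDF and RTF samples below are constructed for illustration.
"""
import re

# Real CLSID of the Equation Editor (Equation.3 / EQNEDT32.EXE) OLE class.
EQUATION_EDITOR_CLSID = "0002CE02-0000-0000-C000-000000000046"
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # compound-file signature


def clsid_to_le_hex(clsid: str) -> str:
    """Hex of a GUID as it is laid out on disk in OLE structures (Data1-3 little-endian)."""
    d1, d2, d3, d4, d5 = clsid.split("-")
    raw = (bytes.fromhex(d1)[::-1] + bytes.fromhex(d2)[::-1]
           + bytes.fromhex(d3)[::-1] + bytes.fromhex(d4 + d5))
    return raw.hex()


def pdf_embedded_files(pdf: bytes) -> list:
    """Names of files attached to a PDF through /Filespec dictionaries."""
    names = []
    for body in re.findall(rb"\d+\s+\d+\s+obj(.*?)endobj", pdf, re.S):
        if b"/Filespec" not in body:
            continue
        m = re.search(rb"/(?:UF|F)\s*\((.*?)(?<!\\)\)", body, re.S)
        if m:
            names.append(m.group(1).decode("latin-1"))
    return names


def rtf_ole_indicators(rtf: bytes) -> dict:
    """Flag embedded OLE objects in an RTF, tolerating junk inside \\objdata as Word does."""
    text = rtf.decode("latin-1")
    clsid_bytes = bytes.fromhex(clsid_to_le_hex(EQUATION_EDITOR_CLSID))
    out = {
        "has_object": "\\object" in text,
        "classes": re.findall(r"\\objclass\s+([A-Za-z0-9.]+)", text),
        "equation_editor": False,
        "ole2_compound": False,
        "objdata_not_clean_hex": False,
    }
    if any(c.startswith("Equation") for c in out["classes"]):
        out["equation_editor"] = True
    for m in re.finditer(r"\\objdata\s*([^{}]*)", text):
        payload = m.group(1)
        if re.search(r"[^0-9A-Fa-f\s]", payload):
            # Well-formed \objdata is nothing but hex digits; control words or stray
            # characters spliced into it are the malformed-OLE trick that breaks naive parsers.
            out["objdata_not_clean_hex"] = True
        stripped = re.sub(r"\\[A-Za-z]+-?\d*", "", payload)   # drop RTF control words
        hexstr = re.sub(r"[^0-9A-Fa-f]", "", stripped)         # drop any other junk
        blob = bytes.fromhex(hexstr[: len(hexstr) & ~1])       # ignore a dangling nibble
        if OLE2_MAGIC in blob:
            out["ole2_compound"] = True
        if b"Equation." in blob or clsid_bytes in blob:        # OLE1 class name or OLE2 CLSID
            out["equation_editor"] = True
    return out


def triage(pdf: bytes, rtf: bytes) -> list:
    """Human-readable findings for the two stages; an empty list means nothing suspicious."""
    findings = []
    for n in pdf_embedded_files(pdf):
        findings.append(f"PDF carries embedded file {n!r}")
        if n.lower().endswith((".doc", ".docx", ".docm", ".rtf")):
            findings.append(f"embedded file {n!r} is an Office document: expect a second-stage lure")
    ole = rtf_ole_indicators(rtf)
    if ole["equation_editor"]:
        findings.append("RTF embeds an Equation Editor object (CVE-2017-11882 delivery vector)")
    if ole["objdata_not_clean_hex"]:
        findings.append("RTF \\objdata contains non-hex junk (obfuscated/malformed OLE)")
    return findings


# Constructed stand-in for the lure PDF: a skeleton whose only job is to attach a DOCX
# via /EmbeddedFiles; the attachment name reuses the article's "has been verified".
SAMPLE_PDF = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /Names << /EmbeddedFiles 2 0 R >> >> endobj\n"
    b"2 0 obj << /Names [(doc) 3 0 R] >> endobj\n"
    b"3 0 obj << /Type /Filespec /F (has been verified.docx) /EF << /F 4 0 R >> >> endobj\n"
    b"4 0 obj << /Type /EmbeddedFile /Length 4 >> stream\nPK\x03\x04\nendstream\nendobj\n"
    b"%%EOF\n"
)

# Constructed stand-in for f_document_shp.doc: an OLE1 header naming Equation.3, with an
# RTF control word spliced into the hex to mimic the malformed-object obfuscation.
_OLE1_EQUATION = "01050000" "02000000" "0b000000" "4571756174696f6e2e3300"   # ..."Equation.3\0"
SAMPLE_RTF = (
    r"{\rtf1\ansi\deff0 {\object\objemb{\*\objclass Equation.3}"
    r"{\*\objdata " + _OLE1_EQUATION + r" \rtlch " + OLE2_MAGIC.hex()
    + clsid_to_le_hex(EQUATION_EDITOR_CLSID) + "}}}"
).encode("latin-1")

if __name__ == "__main__":
    for finding in triage(SAMPLE_PDF, SAMPLE_RTF):
        print("[!]", finding)
```

Run it on real attachments by reading the PDF and RTF bytes from disk and passing them to `triage`. The \objdata handling matters more than it looks: a detector that rejects the object as soon as it sees a non-hex character never gets to the class name, which is exactly what the malformed-OLE trick relies on.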
