Criminals spoof scanners and printers to infect office networks with malware
Criminals spoof scanners and printers to infect office networks with malware

Cybercriminals are spoofing scanners by the millions to launch attacks containing malicious attachments that appear to be coming from the network printer.

Barracuda researchers first witnessed the initial attack in late November 2017 and said the attachment provides the attackers with the ability to initiate covert surveillance or gain unauthorized access to a victim PC  backdoor into the victim PC, according to a Dec. 21 blog post.

Shortly after researchers spotted millions of attempts to infect unsuspecting users via email. The attacks impersonate Cannon, HP, and Epson brand printers/scanner devices to gain the user's trust.

“Receiving a PDF attachment in an email sent by a printer is so commonplace that many users assume the document is completely safe,” researchers said in the blog. “From a social engineering perspective, this is exactly the response that the cybercriminals want.”

Attackers specifically choose PDF generating devices because PDF files can be weaponized to deliver active contents which can be harmful to users because they are more likely to assume they are safe considering the source, researchers added.

The emails subject read something like “Scanned from HP”, “Scanned from Epson”, or “Scanned from Canon,” while containing a malicious file attachment with anti-detection techniques such as modified file names and extensions inside the traditional file archive, which allows attackers to hide the malicious code inside the archive, imitating a ‘.jpg', ‘.txt' or any other format.

The malware in the attachments was designed to gain unfettered access to a user's device including the ability to monitor user behavior, change computer settings, browse and copy files, utilize the bandwidth to victim's devices.

To prevent these types of attacks, researchers recommend that users double check with the sender if they receive unexpected files or delete them, hover the mouse over hyperlinks to ensure they look legitimate and not click anything suspicious.

Users should also have training and awareness of advance threat protections.