
URL: https://www.zdnet.com/article/this-malware-spreading-pdf-uses-a-sneaky-file-name-to-trick-the-unwary/
Submission: On May 11 via manual from CA — Scanned from CA

THIS MALWARE-SPREADING PDF USES A SNEAKY FILE NAME TO TRICK THE UNWARY

Researchers find a malware campaign that uses file-naming trickery to get
victims to download malicious files from the internet.
Written by Liam Tung, Contributing Writer on May 23, 2022

Attackers using the Snake keylogger malware for Windows are emailing malicious
PDFs with embedded Word documents to infect victims' PCs and steal information. 

Malicious PDFs are an unusual tool to use today because attackers prefer Office
formats like Word and Excel that are more familiar to PC users, according to
threat analysts at HP's Wolf Security, who recently discovered the PDF malware
campaign. 




The malicious PDF was used to infect PCs with Snake, a keylogger and credential
stealer that was first spotted in late November 2020, according to HP. 

The attackers sent email with an attached PDF document named "REMMITANCE
INVOICE.pdf" with an embedded Word document named "has been verified. However
PDF, Jpeg, xlsx, .docs". 

The reason for choosing this odd and actually rather sneaky file name for the
Word document becomes clear when viewing the prompt that Adobe Reader displays
when checking whether the user approves opening this file. 

The prompt reads: "The file 'has been verified. However PDF, Jpeg, xlsx, .docs'
may contain programs, macros, or viruses that could potentially harm your
computer."



An employee who hastily reads the notice could mistakenly understand that the
file in question has been verified and is safe to open. 

Should the recipient then select "Open this file", Microsoft Word opens. As HP
notes, if Protected View is disabled, Word downloads a Rich Text Format (.rtf)
file from a web server, which is then run in the context of the open document.
(It should be noted that Microsoft Office opens documents from the internet in
Protected View or Application Guard for Office by default.)

Upon analyzing the Word document, HP's analysts found an illegitimate URL from
which an external object linking and embedding (OLE) object was loaded. The OLE
object also contains shellcode that exploits CVE-2017-11882, an old remote code
execution vulnerability in Microsoft Office Equation Editor that's still popular
with hackers.




The shellcode downloads an executable called fresh.exe that is in fact the Snake
keylogger, which has historically been distributed via malicious RTF documents
or archive files attached to emails.

"While Office formats remain popular, this campaign shows how attackers are also
using weaponized PDF documents to infect systems. Embedding files, loading
remotely-hosted exploits and encrypting shellcode are just three techniques
attackers use to run malware under the radar. The exploited vulnerability in
this campaign (CVE-2017-11882) is over four years old, yet continues being used,
suggesting the exploit remains effective for attackers," HP notes. 
