Threat actors using the Snake keylogger malware for Windows are emailing malicious PDFs with embedded Word documents to compromise their targets’ devices and snatch private data.
The PDF malware operation was observed by researchers at HP’s Wolf Security, who said that malicious PDFs are an uncommon delivery method nowadays, as cybercriminals tend to favor Word and Excel, which are more familiar to PC users.
According to threat analysts, the malicious PDF was employed to install Snake malware on victims’ computers. Snake is a keylogger and information-stealing malware that was discovered in November 2020.
The Malware Campaign
According to ZDNet, the malicious actors sent an email with an attached PDF document called “REMMITANCE INVOICE.pdf” with an embedded Word document named “has been verified. However PDF, Jpeg, xlsx, .docs”.
Why the attackers preferred this strange and crafty file name for the Word document becomes evident the second you see the notification that Adobe Reader shows when asking whether the target approves opening the file.
The prompt says:
The file ‘has been verified. However PDF, Jpeg, xlsx, .docs’ may contain programs, macros, or viruses that could potentially harm your computer.
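A defender-side check for the file-name trick described above, as an added example that is not from HP's report or the original article: it pulls embedded file names out of a PDF and flags those that read like part of the Adobe Reader prompt. The sample bytes, the word lists and the function names are assumptions, and the parser only sees names stored as uncompressed literal strings.

```python
import re

# Constructed sample: uncompressed fragment of a PDF with two embedded-file
# specifications. Only the first file name comes from the article.
SAMPLE_PDF = (
    b"%PDF-1.7\n"
    b"3 0 obj\n<< /Type /Filespec /F (has been verified. However PDF, Jpeg, xlsx, .docs)"
    b" /EF << /F 4 0 R >> >>\nendobj\n"
    b"5 0 obj\n<< /Type /Filespec /F (invoice_2022.docx) /EF << /F 6 0 R >> >>\nendobj\n"
)

# /F or /UF followed by a PDF literal string; "/EF << /F 4 0 R >>" does not match.
NAME_RE = re.compile(rb"/(?:UF|F)\s*\(((?:\\.|[^\\()])*)\)")
# Assumed word lists, chosen for illustration only.
TRUST_WORDS = re.compile(r"\b(verified|scanned|safe|secure|trusted)\b", re.I)
EXT_TOKEN = re.compile(r"\.?\b(pdf|jpe?g|xlsx?|docx?|docs)\b", re.I)

def embedded_names(pdf: bytes) -> list[str]:
    """File names of embedded-file specs stored as uncompressed literal strings."""
    return [m.group(1).decode("latin-1") for m in NAME_RE.finditer(pdf)]

def reader_prompt(name: str) -> str:
    """The warning text quoted in the article, with the file name filled in."""
    return (f"The file '{name}' may contain programs, macros, or viruses "
            "that could potentially harm your computer.")

def lure_reasons(name: str) -> list[str]:
    """Heuristic reasons why a name reads as prompt text rather than a file name."""
    reasons = []
    if re.search(r"[.,;:!?]\s", name):
        reasons.append("sentence punctuation inside name")
    if TRUST_WORDS.search(name):
        reasons.append("reassuring wording")
    if len(EXT_TOKEN.findall(name)) > 1:
        reasons.append("several file types named")
    return reasons

def scan(pdf: bytes) -> dict[str, list[str]]:
    """Map each suspicious embedded file name to the reasons it was flagged."""
    hits = {n: lure_reasons(n) for n in embedded_names(pdf)}
    return {n: r for n, r in hits.items() if r}

if __name__ == "__main__":
    for name, reasons in scan(SAMPLE_PDF).items():
        print(reader_prompt(name))
        print("  flagged:", ", ".join(reasons))
```

Names held in compressed object streams or written as hex strings need a full PDF parser before this heuristic can be applied.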
When an employee receives the