Snake Keylogger Spreads Through Malicious PDFs

Microsoft Word also leveraged in the email campaign, which uses a 22-year-old Office RCE bug.

While most malicious e-mail campaigns use Word documents to hide and spread malware, a recently discovered campaign uses a malicious PDF file and a 22-year-old Office bug to propagate the Snake Keylogger malware, researchers have found.

The campaign—discovered by researchers at HP Wolf Security—aims to dupe victims with an attached PDF file purporting to have information about a remittance payment, according to a blog post published Friday. Instead, it loads the info-stealing malware, using some tricky evasion tactics to avoid detection.

“While Office formats remain popular, this campaign shows how attackers are also using weaponized PDF documents to infect systems,” HP Wolf Security researcher Patrick Schlapfer wrote in the post, which opined in the headline that “PDF Malware Is Not Yet Dead.”
Indeed, attackers using malicious email campaigns have preferred to package malware in Microsoft Office file formats, particularly Word and Excel, for the past decade, Schlapfer said. In the first quarter of 2022 alone, nearly half (45 percent) of malware stopped by HP Wolf Security used Office formats, according to researchers.

“The reasons are clear: users are familiar with these file types,

Read More: