Snake keylogger spreads through malicious PDFs

A new malware distribution campaign is embedding malicious Microsoft Word documents inside PDF files, prompting victims to launch the Word document as soon as the PDF is opened.

Malicious macros in the Word document then download an RTF (Rich Text Format) file containing shellcode that installs and runs Snake Keylogger, a powerful infostealer. Snake is modular and includes persistence capabilities, data harvesting and exfiltration tools, defense evasion and more, all of which make it a formidable threat.

These PDFs are being sent via email. Typically, they are presented as an "invoice" to encourage would-be victims to promptly interact with the attached file.
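
A defender-side triage sketch for the attachment pattern described above, added here as an example and not taken from the original article or any vendor tooling: it flags PDFs that carry an embedded Word-type file together with an action that fires when the PDF is opened. The PDF keys checked (`/EmbeddedFiles`, `/OpenAction`, `/AA`), the extension list and the sample bytes are assumptions chosen for illustration, not details of this campaign.

```python
import re
import zlib

# Assumed heuristic: Word-type extensions and PDF keys chosen for this sketch.
WORD_EXTS = (".doc", ".docx", ".docm", ".dotm", ".rtf")
NAME_RE = re.compile(rb"/([^\s/<>\[\]()%{}]+)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)
FILESPEC_RE = re.compile(rb"/U?F\s*\(([^)]*)\)")

def _decode_name(raw: bytes) -> str:
    # PDF names may hide characters as #XX hex escapes, e.g. /Open#41ction.
    plain = re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")

def _expand(data: bytes) -> bytes:
    # Append inflated copies of Flate streams so keys in object streams are seen.
    parts = [data]
    for m in STREAM_RE.finditer(data):
        try:
            parts.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate data; the raw bytes are still scanned
    return b"\n".join(parts)

def triage_pdf(data: bytes) -> dict:
    if not data.lstrip().startswith(b"%PDF-"):
        return {"is_pdf": False, "suspicious": False}
    body = _expand(data)
    names = {_decode_name(n) for n in NAME_RE.findall(body)}
    files = [f.decode("latin-1") for f in FILESPEC_RE.findall(body)]
    word_files = [f for f in files if f.lower().endswith(WORD_EXTS)]
    embedded = bool(names & {"EmbeddedFile", "EmbeddedFiles"})
    auto_run = sorted(names & {"OpenAction", "AA"})
    return {
        "is_pdf": True,
        "embedded_file": embedded,
        "word_attachments": word_files,
        "auto_run": auto_run,
        "active_content": sorted(names & {"JavaScript", "JS", "Launch"}),
        # Flag the combination: a Word attachment plus an action that fires on open.
        "suspicious": embedded and bool(auto_run) and bool(word_files),
    }

# Constructed fragments (not renderable PDFs) standing in for mail attachments.
SAMPLE_FLAGGED = (b"%PDF-1.7\n1 0 obj<</Type/Catalog/Open#41ction 5 0 R"
                  b"/Names<</EmbeddedFiles 3 0 R>>>>endobj\n"
                  b"4 0 obj<</Type/Filespec/F(invoice.docx)/EF<</F 6 0 R>>>>endobj\n")
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj<</Type/Catalog/Pages 2 0 R>>endobj\n"

if __name__ == "__main__":
    for label, blob in (("flagged", SAMPLE_FLAGGED), ("plain", SAMPLE_PLAIN)):
        print(label, triage_pdf(blob))
```

A hit is a reason to quarantine and inspect the attachment, not proof of malice; encrypted PDFs or streams using filters other than Flate can still hide these keys from this check.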

Email-borne threats are hugely popular among cybercriminals because they work so well. The Advanced Email Security pack for Acronis Cyber Protect Cloud scans all incoming emails for malicious content and attachments, preventing these threats from ever reaching users' inboxes in the first place.