ESET has uncovered a hacking campaign aimed at stealing data from various organisations, mainly in Pakistan, with a limited number of infections elsewhere in the world.
The attackers delivered fake PDF and document attachments by email that carried malicious code. Opening the attachment activated the malware, which began stealing sensitive data from the infected PC; the stolen information was then sent to the attackers’ servers without the user’s knowledge.
Several data-stealing techniques were used, including a keylogger, screen captures and the upload of documents to the attackers’ server.
“We have identified several different documents that followed different themes likely to be enticing to the recipients. One of these is the Indian armed forces. We do not have precise information as to which individuals or organisations were really specifically targeted by these files, but based on our investigations, it is our assumption that people and institutions in Pakistan were targeted,” said Jean-Ian Boutin, ESET Malware Researcher.
This targeted attack used a code-signing certificate issued to a seemingly legitimate company to sign the malicious binaries, improving their chances of spreading. The company was based in New Delhi, India, and the certificate was issued in 2011.
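A signed binary is not the same as a trusted binary: the certificate described above was genuinely issued, so the malware carried a technically valid signature. The following PowerShell snippet is an added defender-side check and is not ESET's code or part of its report. It lists executables in a folder, reports their Authenticode status and signer, and flags files whose signature is valid but whose signer is not on an allowlist of expected publishers. The scan path and the allowlist contents are assumptions chosen for illustration.

```powershell
# Added example (not from ESET): surface validly signed files from unexpected publishers.
# $ScanPath and $AllowedSubjects are constructed for this illustration.
$ScanPath = 'C:\Users\Public\Downloads'            # assumed folder where received attachments land
$AllowedSubjects = @(                              # constructed allowlist of expected signer subjects
    'CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US'
)

Get-ChildItem -Path $ScanPath -Include *.exe, *.dll -Recurse -File | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
    $issued  = if ($sig.SignerCertificate) { $sig.SignerCertificate.NotBefore } else { $null }

    [PSCustomObject]@{
        File   = $_.FullName
        Status = $sig.Status          # Valid, NotSigned, HashMismatch, NotTrusted, UnknownError
        Signer = $subject
        Issued = $issued
        # A valid signature from a publisher nobody expects is the situation described in the article
        Review = ($sig.Status -eq 'Valid') -and ($AllowedSubjects -notcontains $subject)
    }
} | Where-Object { $_.Review -or $_.Status -ne 'Valid' } | Format-Table -AutoSize
```

Files that reach the output either failed signature verification or were signed by a publisher outside the allowlist; the second group is the one worth a manual look, since an anti-malware verdict of "signed, valid" alone would let such a binary through.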
“We’ve seen a shift from cyber attackers previously targeting purely larger organisations to now focusing on smaller, more localised attacks, as the lead time to discovery is longer and their potential gain is increased. This was evident in our own back yard recently with the SARS tax rebate spam scam. As an industry, we are going to have to think of innovative ways to combat the misconception that we are all ‘safe’ online. We urge all corporate IT administrators to regularly review IT security policies and endpoint protection procedures,” said Lee Bristow, Security Consultant at ESET, member of the 4Di Group.