A new spyware epidemic has broken out at government entities and NGOs in 23 countries including several organisations in the United States. And it’s not bogus Twitter links or porn that’s getting people this time — it’s PDFs that look like work.
The malware, called MiniDuke, was discovered in a joint effort by security researchers at Kaspersky Lab and CrySyS Lab. The malicious program gets into systems by exploiting a recently discovered vulnerability in Adobe Reader and Adobe Acrobat. The attackers targeted computers by sending rigged PDFs disguised as ‘highly relevant, well-crafted content’ about Ukraine’s plans to join NATO. I mean, this looks pretty official:
Once the system has been compromised, the PDF drops a 20KB downloader file containing a backdoor that takes commands from pre-determined Twitter accounts. The program sets up progressively larger backdoors, until it’s got the capacity to copy and move files to remote servers, as well as to execute other commands like installing new malware. Very clever.
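The Twitter-based command channel described above leaves a footprint a defender can look for: a machine that fetches the same Twitter account page on a fixed schedule, from something that is not a browser. The script below is an added example (not code from the article, Kaspersky or CrySyS) that runs that check over a few constructed proxy log lines; the log format, the client addresses and the account name `exampleaccount` are all made up for the demonstration.

```python
"""Added example (not from the article): flag hosts whose non-browser
processes poll a twitter.com page at regular intervals, a pattern consistent
with the Twitter command channel described above.  The log format and the
sample lines below are constructed for this example."""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log lines: timestamp, client IP, quoted user agent, URL.
# 10.0.0.5 is a person browsing Twitter; 10.0.0.9 polls one page every ~5 min
# with no user agent at all (the account name is a placeholder).
SAMPLE_LOG = """\
2013-02-27T09:00:00 10.0.0.5 "Mozilla/5.0 (Windows NT 6.1) Firefox/19.0" https://twitter.com/home
2013-02-27T09:03:12 10.0.0.5 "Mozilla/5.0 (Windows NT 6.1) Firefox/19.0" https://twitter.com/search?q=nato
2013-02-27T09:47:51 10.0.0.5 "Mozilla/5.0 (Windows NT 6.1) Firefox/19.0" https://twitter.com/messages
2013-02-27T10:00:00 10.0.0.9 "-" https://twitter.com/exampleaccount
2013-02-27T10:05:00 10.0.0.9 "-" https://twitter.com/exampleaccount
2013-02-27T10:10:01 10.0.0.9 "-" https://twitter.com/exampleaccount
2013-02-27T10:15:00 10.0.0.9 "-" https://twitter.com/exampleaccount
2013-02-27T10:20:00 10.0.0.9 "-" https://twitter.com/exampleaccount
"""

LINE_RE = re.compile(r'^(\S+) (\S+) "([^"]*)" (\S+)$')
BROWSER_UA = re.compile(r"Mozilla/|Opera/")


def parse_log(text):
    """Yield (timestamp, client, user_agent, url) tuples; skip malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, client, ua, url = m.groups()
        yield datetime.fromisoformat(ts), client, ua, url


def find_twitter_beacons(text, min_requests=4, max_jitter=0.2):
    """Return {client: {"account": url, "interval_s": n}} for clients that fetch
    the same twitter.com URL at near-constant intervals without a browser UA.

    max_jitter is the allowed coefficient of variation of the gaps between
    requests; a human clicking around produces far more irregular timing."""
    hits = defaultdict(list)
    for ts, client, ua, url in parse_log(text):
        if "twitter.com/" in url and not BROWSER_UA.search(ua):
            hits[(client, url)].append(ts)

    findings = {}
    for (client, url), times in hits.items():
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Standard deviation close to zero relative to the mean means a fixed
        # polling schedule rather than interactive use.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings[client] = {"account": url, "interval_s": round(avg)}
    return findings


if __name__ == "__main__":
    for client, info in find_twitter_beacons(SAMPLE_LOG).items():
        print(f"{client}: polls {info['account']} every ~{info['interval_s']}s "
              f"with no browser user agent")
```

Run against a real proxy export the two assumptions worth revisiting are the line format in `LINE_RE` and the idea that a missing or non-browser user agent is unusual on your network; on a network where an approved tool legitimately polls Twitter, add its user agent to an allow-list rather than loosening the timing test.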
OK, if you’re looking at weird porn or clicking dumb links, the malware is your own fault. But if you’re just doing your job and you get infected by some boring looking document, well, it’s harder to blame you. Social engineering is outsmarting us. [Securelist]
Picture: Tischenko Irina/Shutterstock