ESET Reveals Targeted Data Stealing Attacks in Pakistan Using Fake PDF and Document Attachments
This targeted attack used a code signing certificate issued to a seemingly legitimate company to sign malicious binaries and improve their potential to spread. The company was based in
“We have identified several different documents that followed different themes likely to be enticing to the recipients. One of these is the Indian armed forces. We do not have precise information as to which individuals or organizations were really specifically targeted by these files, but based on our investigations, it is our assumption that people and institutions in
For instance, one of the fake PDF files was delivered through a self-extracting archive called “pakistandefencetoindiantopmiltrysecreat.exe”, and ESET telemetry data shows that
The first infection vector was utilizing a widely used and abused vulnerability known as
The malware stole sensitive data from infected PCs and sent it to the attackers’ servers. It used several data-stealing techniques, among them key-logging, taking screenshots and uploading documents to the attackers’ computer. Interestingly, the information stolen from an infected computer was uploaded to the attacker’s server unencrypted.
“The decision not to use encryption is puzzling considering that adding basic encryption would be easy and provide additional stealth to the operation,” said Boutin.
Full technical analysis is available on WeLiveSecurity.com – ESET’s news platform with the latest information and analysis on cyber threats and useful security tips.
This is a multi-part and multi-vector threat. Below are the ESET threat names related to this case:
Win32/VB.NVM Trojan
Win32/VB.NWB Trojan
ESET® is on the forefront of proactive endpoint protection, delivering trusted security solutions to make the Internet safer. For over 25 years, ESET has helped customers get the most out of their technology by creating a more secure and trusted online experience with antivirus software for consumers and endpoint security solutions for businesses. Award-winning ESET NOD32® Antivirus technology has detected 100% of the WildList Organization “In-the-Wild” malware samples since testing began in 1998. ESET has received over 75 VB100 awards and consistently earns high ratings from AV-Comparatives, Virus Bulletin, AV-TEST and other independent testing organizations. ESET NOD32® Antivirus, ESET Smart Security®, ESET® Endpoint Solutions, ESET® Mobile Security and ESET® Cyber Security (solution for Mac®) are trusted by millions of users and are among the most recommended security solutions in the world. IDC has recognized ESET as a top-five corporate anti-malware provider.
ESET has global headquarters in