PDF “Flawed Design” Exploitation
Essential information
- Published
- 14/05/2024 15:30
- Modified
- 14/05/2024 18:03
- Tags
- 2024-05-09 2024-05-10 2024-05-14 agent-tesla asyncrat bladabindi campaigns dcrat exploitation foxit lv malware nanocore rat njrat njw0rm pdf pony remcos venomrat xworm
- Related entities
- 40 observables, 10 techniques (mitre), 12 malware
Description
Check Point Research identified an unusual pattern involving PDF exploitation, mainly targeting users of Foxit Reader. This exploit triggers security warnings that could deceive users into executing harmful commands. The exploitation occurs through a flawed design in Foxit Reader, showing 'OK' as the default option, potentially leading users to ignore warnings and execute malicious code. This exploit has been actively utilized by various threat actors, from e-crime to espionage groups, taking advantage of its low detection rate. The campaigns leverage techniques like distributing malicious PDFs via links, employing legitimate hosting platforms, and achieving impressive attack chains.