PDF threats are on the rise with cybercriminals spreading malware, including WikiLoader, Ursnif and DarkGate, through PDFs, a new report by HP Wolf Security has found.
The company’s analysis saw a 7% rise in PDF threats in Q4 2023, compared to Q1 of the same year. It noted that previously PDF lures have been used to elicit credentials and financial details from victims through phishing. Now malware is being spread through these documents.
Of the malware the company analyzed in Q4 2023, 11% used PDFs as a delivery method, compared to just 4% in Q1.
A notable example was a WikiLoader campaign using a fake parcel delivery PDF to trick users into installing Ursnif malware, HP Wolf Security said.
Ad Tools Used to Sharpen Attacks
The DarkGate malware campaign used ad tools to track victims and evade detection, HP said.
Malicious PDF attachments, posing as OneDrive error messages, direct users to sponsored content hosted on a popular ad network.
They prompt the target to click on a link to read the document they’ve been promised. In fact, clicking the link downloads files containing malware that infects the computer with DarkGate.
HP noted that because many people use web browsers to read PDF documents, this lure has become very convincing.
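A triage check for the lure described above, as an added example that is not taken from the HP report: it lists the link targets inside a PDF and flags a file that mentions OneDrive while linking to a host outside an assumed list of Microsoft hosts. The host list, the function names and the sample PDF fragments are assumptions constructed for illustration.

```python
import re
import zlib
from urllib.parse import urlsplit

# Assumption: hosts a genuine OneDrive link would use (tune for your tenant).
ONEDRIVE_HOSTS = ("onedrive.live.com", "1drv.ms", "sharepoint.com", "microsoft.com")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
URI_RE = re.compile(rb"/URI\s*\((.*?)(?<!\\)\)", re.S)

def inflate_streams(pdf):
    """Raw PDF bytes plus every stream that inflates (text and object streams)."""
    parts = [pdf]
    for m in STREAM_RE.finditer(pdf):
        try:
            parts.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate-encoded or encrypted: only the raw bytes are searched
    return b"\n".join(parts)

def link_hosts(body):
    """Hostnames of all /URI link actions found in the (inflated) PDF body."""
    hosts = set()
    for m in URI_RE.finditer(body):
        host = urlsplit(m.group(1).decode("latin-1")).hostname
        if host:
            hosts.add(host.lower())
    return hosts

def is_onedrive_host(host):
    return any(host == h or host.endswith("." + h) for h in ONEDRIVE_HOSTS)

def triage(pdf):
    """Flag a PDF that names OneDrive but links somewhere else."""
    body = inflate_streams(pdf)
    off_brand = sorted(h for h in link_hosts(body) if not is_onedrive_host(h))
    mentions = b"onedrive" in body.lower()
    return {"off_brand_hosts": off_brand, "suspicious": mentions and bool(off_brand)}

def sample_pdf(uri):
    """Constructed PDF fragment: compressed lure text plus one link annotation."""
    text = zlib.compress(b"BT (OneDrive error: document could not be opened) Tj ET")
    return (b"%PDF-1.7\n1 0 obj\n<< /Filter /FlateDecode >>\nstream\n" + text +
            b"\nendstream\nendobj\n2 0 obj\n<< /Type /Annot /Subtype /Link "
            b"/A << /S /URI /URI (" + uri.encode() + b") >> >>\nendobj\n%%EOF\n")

if __name__ == "__main__":
    print(triage(sample_pdf("https://ads.example.net/click?id=1")))
    print(triage(sample_pdf("https://onedrive.live.com/view?id=1")))
```

The check only sees literal strings and Flate-compressed streams; text drawn with subset fonts, hex strings or encrypted objects needs a full PDF parser.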