Stop opening PDF files you receive in shady emails, Microsoft finds malware hidden in them

Hackers are targeting people who have compromised email accounts and luring them with payment-related emails.

If you have a habit of impulsively opening PDFs that you find attached with emails that look shady at best, you need to stop doing that immediately. Microsoft’s Security Intelligence has discovered a Trojan malware attack that hackers are using to target people who do not think twice before opening any PDF files attached to emails. According to the team of researchers at Microsoft Security Intelligence, hackers are targeting users through this email campaign that uses malicious PDF files as bait. These PDFs, when downloaded without caution, can download a Java-based remote access Trojan file called StrRAT, and it can steal passwords and other bank-related credentials saved on your machine. Worse yet, the researchers have found that the Trojan malware in these PDFs can even disguise itself as faked ransomware. These PDF files end with the .crimson extension without encryption. In most cases, there are files that may be an image but they pose as a PDF attachment with .PDF at the end, often succeeding in fooling users into downloading it. When opened, this image masquerading as a benign PDF connects to a malware domain “to download the StrRAT malware.” Hackers often target compromised email accounts with this email campaign that spreads the StrRAT malware, according to Microsoft’s Security Intelligence team. Nearly all the emails that hackers send under this malware campaign use social engineering around payment receipts that may look innocuous to most people.