Phishing PDF Files Downloading Malicious Packages

AhnLab Security Emergency response Center (ASEC) observed the distribution of PDF files that contain malicious URLs. The domains linked from the PDF files indicate that similar PDFs are being distributed under the guise of downloading certain games or crack versions of program files. Below is a list of some of the PDF files that are being distributed. Clicking the button within the distributed PDF files connects users to a malicious URL. The figure below is the screen that is displayed…

Phishing PDF Files with CAPTCHA Screen Being Mass-distributed

Phishing PDF files that have CAPTCHA screens are rapidly being mass-distributed this year. A CAPTCHA screen appears upon running the PDF file, but it is not an invalid CAPTCHA. It is simply an image with a link that redirects to a malicious URL. Related types that have been collected by AhnLab’s ASD infrastructure since July up till now amount to 1,500,000. It appears that most of them are distributed overseas, and thus there are fewer cases of damage in Korea….

APT Attacks Using PDF Files, Possibly by North Korea Related Group

Targeted attacks using PDF files have been confirmed, and it seems the group related to North Korea is behind these attacks. While the attack group is thought to be either Kimsuky or Thallium, it might be another group that mimicked those two. The related information was already reported in the press, but this post will additionally reveal previously undisclosed IOC and analysis information such as environments for vulnerabilities. The attacker used PDF files as bait. Malicious JavaScript included in the…