Page: Critical Limited Edition Malware Targets Defense Industry

The attack starts with a legitimate-looking PDF file

  Decoy PDF document used in Page malware attacks
Researchers have analyzed an interesting piece of malware called Page. They found that the critical limited edition malware masquerades as a PDF file and is sent to companies in the aviation defense industry.

When victims open the apparently-innocent PDF file, they’re presented with an invitation to an upcoming industry event – a fact which clearly shows that the attacks are designed to specifically target the defense sector.

In the meantime, while the user unsuspectingly views the invitation, a vulnerability in Collab.getIcon() is exploited to create and execute a file.

Once it is executed, the file drops a DLL, which opens a backdoor at TCP port 49163 and initiates network communications, FireEye experts have explained in a blog post.
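For defenders triaging a suspect attachment, the sketch below statically checks a PDF for script or auto-run keys and for a Collab.getIcon call, inflating Flate-compressed streams first because a plain string search of the raw file would miss it. It is an added example, not code from the article or from FireEye; the function names and the sample bytes are constructed for illustration.

```python
import re
import zlib

# PDF name keys that attach script or auto-run actions to a document.
ACTION_KEY = re.compile(rb"/(JavaScript|JS|OpenAction|AA)\b")
# The API call named in the article; tolerant of case and spacing.
GETICON = re.compile(rb"collab\s*\.\s*geticon\s*\(", re.IGNORECASE)
STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decoded_streams(pdf: bytes):
    """Yield every stream body, inflated when it is Flate (zlib) data."""
    for match in STREAM.finditer(pdf):
        raw = match.group(1)
        try:
            # decompressobj tolerates the end-of-line bytes before 'endstream'
            yield zlib.decompressobj().decompress(raw)
        except zlib.error:
            yield raw  # stored uncompressed or with a filter not handled here


def triage_pdf(pdf: bytes) -> dict:
    """Static triage only: the file is never rendered or executed."""
    # PDF names may spell characters as #xx; undo that before matching keys.
    names = HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), pdf)
    keys = sorted({m.group(1).decode() for m in ACTION_KEY.finditer(names)})
    geticon = any(GETICON.search(blob) for blob in (pdf, *decoded_streams(pdf)))
    return {"action_keys": keys, "calls_geticon": geticon,
            "suspicious": bool(keys) and geticon}


def build_sample(script: bytes) -> bytes:
    """Constructed input: minimal PDF-like bytes with one Flate stream."""
    body = zlib.compress(script)
    length = str(len(body)).encode()
    return (b"%PDF-1.4\n1 0 obj\n<< /OpenAction 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /S /JavaScript /JS 3 0 R >>\nendobj\n"
            b"3 0 obj\n<< /Filter /FlateDecode /Length " + length + b" >>\n"
            b"stream\n" + body + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    # Constructed, inert script text: it only names the API from the article.
    sample = build_sample(b"// constructed sample\nvar i = Collab.getIcon('n');\n" * 4)
    print(triage_pdf(sample))
    print(triage_pdf(build_sample(b"app.alert('hello');\n" * 4)))
```

A hit is a reason to escalate the file for sandbox analysis, not a verdict; streams using filters other than Flate, or encrypted documents, are not decoded by this sketch.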

While there’s nothing really innovative in the way this malware works, it’s a clear indication that cybercriminals are focusing their efforts on penetrating organizations from the defense industry.
