Overdue Invoices Hide Pony Info-Stealing Trojan

  • 28 October 2014

Cybercriminals use the double-extension trick
By Ionut Ilascu on October 28th, 2014

A new email campaign has been detected delivering the Pony stealer disguised as a PDF file purporting to contain details about an overdue invoice.
The document has a double extension and is, in fact, a COM executable file that includes commands for downloading the malware from a compromised website, after running a few unpacking procedures.

The newest variants of Pony feature capabilities for stealing crypto-currency wallets available on the infected computers but can also exfiltrate sensitive information as well as download other malware families.
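
As an added illustration of the double-extension trick described above (not part of the original article), this sketch shows how a mail filter could flag attachment names in which a document-style extension precedes an executable one. The extension lists, function names and sample filenames are assumptions constructed for the example; it also handles whitespace padding between the two extensions, which the article does not mention.

```python
import re
import unicodedata

# Assumed policy lists for illustration; tune them for your mail gateway.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
EXEC_EXTS = {"com", "exe", "scr", "pif", "bat", "cmd", "js", "vbs"}


def classify_attachment(filename):
    """Return (verdict, real_ext, decoy_ext) for an attachment name.

    verdict is 'double-extension', 'executable' or 'ok'.
    """
    # Fold look-alike characters (e.g. a fullwidth full stop) to ASCII forms.
    name = unicodedata.normalize("NFKC", filename)
    # Windows drops trailing dots and spaces, so the real extension is
    # whatever remains once they are stripped.
    name = name.rstrip(". ").lower()
    # Keep only the basename in case a path was supplied.
    name = re.split(r"[\\/]", name)[-1]
    # Strip each dotted part so "pdf      .com" still reads as pdf + com.
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2:
        return ("ok", None, None)
    real_ext = parts[-1]
    if real_ext not in EXEC_EXTS:
        return ("ok", real_ext, None)
    # An executable whose name also carries a document extension is the
    # pattern described in the article.
    for part in reversed(parts[1:-1]):
        if part in DECOY_EXTS:
            return ("double-extension", real_ext, part)
    return ("executable", real_ext, None)


def flag_attachments(filenames):
    """Return the names a filter should quarantine as double-extension lures."""
    return [f for f in filenames
            if classify_attachment(f)[0] == "double-extension"]


if __name__ == "__main__":
    # Constructed sample names, not taken from the campaign.
    samples = ["invoice_overdue.pdf.com", "Invoice.PDF        .com",
               "report.final.pdf", "setup.exe", "invoice.pdf.com. "]
    for s in samples:
        print(repr(s), classify_attachment(s))
```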
