Cybercriminals use the double-extension trick
By Ionut Ilascu on October 28th, 2014

A new email campaign has been detected to deliver the Pony stealer disguised as a PDF file purporting to contain details about an overdue invoice.
The "document" has a double extension and is, in fact, a COM executable that, after running a few unpacking routines, downloads the malware from a compromised website.
The newest variants of Pony can steal crypto-currency wallets found on infected computers, but they can also exfiltrate other sensitive information and download additional malware families.
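The filename trick described above (a decoy document extension such as `.pdf` followed by a real executable extension such as `.com`) is easy to flag at the mail gateway or in an attachment log. The following is an added example, not code from the article; the extension lists and the sample attachment names are constructed for illustration and should be extended for your own environment. It also handles the variant where the lure pads the decoy extension with spaces so the real extension scrolls out of view in a narrow file dialog.

```python
# Detect "double extension" attachment names such as invoice.pdf.com.
# Added example; extension sets below are constructed, not from the article.

# Extensions Windows runs directly when double-clicked (constructed sample set).
EXECUTABLE_EXTS = {
    "exe", "com", "scr", "pif", "bat", "cmd", "js", "jse",
    "vbs", "vbe", "wsf", "wsh", "hta", "msi", "cpl",
}
# Extensions a lure typically pretends to be (constructed sample set).
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "txt", "jpg", "png", "zip"}


def split_extensions(filename):
    """Return (stem, [ext1, ext2, ...]) for a path or bare filename.

    Extensions are lower-cased and stripped of surrounding whitespace so that
    'invoice.PDF          .exe' is seen as ['pdf', 'exe'].
    """
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    parts = [p.strip().lower() for p in base.split(".")]
    parts = [p for p in parts if p]          # drop empty pieces from '..' or trailing '.'
    if not parts:
        return "", []
    return parts[0], parts[1:]


def is_double_extension_lure(filename):
    """True when a decoy document extension is followed by an executable extension."""
    _, exts = split_extensions(filename)
    if len(exts) < 2:
        return False
    final_is_executable = exts[-1] in EXECUTABLE_EXTS
    has_decoy_before_it = any(e in DECOY_EXTS for e in exts[:-1])
    return final_is_executable and has_decoy_before_it


def scan_attachments(names):
    """Return the subset of attachment names that look like double-extension lures."""
    return [n for n in names if is_double_extension_lure(n)]


# Constructed sample attachment names, modelled on the lure the article describes.
SAMPLE_ATTACHMENTS = [
    "Overdue_Invoice_2014-10.pdf.com",
    "invoice.PDF            .exe",
    "invoice.pdf",
    "archive.tar.gz",
    "setup.exe",
    "report.docx.js",
]

if __name__ == "__main__":
    for name in scan_attachments(SAMPLE_ATTACHMENTS):
        print("double-extension lure:", repr(name))
```

Because a COM file has no file header to match on, a name-based check like this is the cheapest first filter; pair it with detonation or reputation checks rather than relying on content signatures alone.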