This scam uses PDFs and Microsoft Word to install malware

You’ve likely received an email with an attachment in the past. It’s more important now than ever to check who is sending you messages before you open any attachments, especially PDFs.

Beware of a new scam

Hackers are smuggling malware onto your device using innocent-looking PDFs, which is unusual as hackers have historically used Microsoft Office attachments like Word and Excel to transport malware to victims.

 

What is the Malware PDF Scam?

The malware is called SVCReady, and this latest phishing scam allows hackers to infect your computer and then download files and run commands on the device. This malware typically affects PCs, but everyone should be aware of the PDF scam and what to look out for in case your device is targeted.

 

What does this PDF scam look like?

This scam was first recognized in April of this year, and the dangerous malware is typically sent through email as an attachment. The attached PDF is named “REMITTANCE INVOICE.pdf”, and once the attachment is opened, it prompts the user to open a .docx Microsoft Word document. The prompt is worded to trick you into thinking the file is verified: the attackers simply named the file “has been verified”, so the prompt reads The file ‘has been verified’, which might trick the average user into thinking the download is safe.

 

What the PDF scam does with Microsoft Word

If you click the prompt to open Microsoft Word, you’ll be permitting the malware to download to your computer. The Word document is loaded with shellcode, which is code hidden within the file’s properties in an attempt to get past antivirus monitoring. The malware then communicates over an encrypted channel with a C2 server, also known as Command and Control, which allows the hacker to communicate with your device.

If SVCReady malware gets onto your device, it will begin to collect all of your computer’s data, take screenshots, and send all of that information back to the hacker every 5 minutes.
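Hiding code in a document’s file properties, as described above, leaves a trace a defender can look for: genuine titles, authors and comments are short, while an embedded payload is long and looks encoded. The Python sketch below is an added example, not code from HP or from this article; it flags such values in a .docx file’s docProps metadata. The thresholds, function names and sample document are assumptions made up for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Assumed thresholds for this illustration; tune them against your own documents.
MAX_VALUE_LEN = 512          # genuine titles, authors and comments are short
MAX_PART_SIZE = 1_000_000    # a docProps part larger than this is itself odd
ENCODED_RUN = re.compile(r"[0-9A-Fa-f]{200,}|[A-Za-z0-9+/]{200,}")


def suspicious_properties(docx_bytes):
    """Return (part, property, reason) tuples for odd values in docProps/*.xml."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as archive:
        for info in archive.infolist():
            part = info.filename
            if not (part.startswith("docProps/") and part.endswith(".xml")):
                continue
            if info.file_size > MAX_PART_SIZE:
                findings.append((part, "*", "oversized part"))
                continue  # do not decompress or parse it
            # ElementTree is enough for a sketch; use a hardened parser on hostile files.
            for element in ET.fromstring(archive.read(part)).iter():
                value = (element.text or "").strip()
                name = element.tag.split("}")[-1]  # strip the XML namespace
                if ENCODED_RUN.search(value):
                    findings.append((part, name, "long hex/base64 run"))
                elif len(value) > MAX_VALUE_LEN:
                    findings.append((part, name, "unusually long value"))
    return findings


def build_sample(description):
    """Constructed test input: a minimal zip holding only docProps/core.xml."""
    core = (
        '<cp:coreProperties xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cp='
        '"http://schemas.openxmlformats.org/package/2006/metadata/core-properties">'
        f"<dc:description>{description}</dc:description></cp:coreProperties>"
    )
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("docProps/core.xml", core)
    return buffer.getvalue()


if __name__ == "__main__":
    for sample in ("Payment for May", "41" * 400):  # constructed values
        print(suspicious_properties(build_sample(sample)))
```

A finding is a reason to quarantine the attachment and have it examined, not proof of infection; a clean result does not prove the file is safe either.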

 

SVCReady Malware dangers

This malware was identified by HP, and so far the SVCReady malware has been found to support these functions:

  • Downloading files to your device
  • Taking screenshots
  • Running a shell command
  • Checking how many devices are plugged in through USB
  • Scheduling tasks so it can continue to run
  • Running a file

 

How to avoid this PDF scam

Follow these steps to be sure your devices don’t become infected with malware.

1) Keep operating system up-to-date

While this malware was identified on a PC, whether you use Windows or Mac, be sure you’ve updated your device to the latest operating system.

2) Verify sender of any email

Even if the email sender’s name reads something familiar, like “Apple Support” or someone’s name you know, click the name to double-check their email address is correct. Hackers will use a familiar name, but the email will clearly be from an unknown address, which is a big red flag for a scam email.

3) Don’t download PDFs without antivirus protection

Even if you think the PDF is safe, it’s best to install protection on your device that offers real-time monitoring. That way, before you download any harmful PDFs or attachments, they’ll be checked for malware first.

4) Install Backup Security

We’ve broken down the top antivirus programs for 2022, but if you’re hoping for everyday protection before it’s too late, the most important factor to look for is software with trusted real-time monitoring.

 
