Beware of encrypted PDFs as the latest trick to deliver malware to you

Beware of encrypted PDFs as the latest trick to deliver malware to you

Unmasking the malicious PDFs: A new cyber threat

by Kurt Knutsson
image_printPrint this article

Russian-backed hackers are using malware disguised as a PDF encryption tool to steal your information. According to the Threat Analysis Group report, COLDRIVER will send victims encrypted PDFs. When the unsuspecting victim replies saying they can’t see the PDF, the group will send a download link that poses as an encryption tool. But it’s really malware.

According to Threat Analysis Group (TAG), which is a specialized team within Google that focuses on identifying and countering various security threats, COLDRIVER primarily deals with phishing attacks. So this new malware-based attack is relatively new territory for the group.

 

 

Credit: Google

 

COLDRIVER’s backdoor malware attack

The attack itself is pretty simple. As previously mentioned, attackers will send an encrypted PDF and then a malware-loaded “encryption tool” once the victims respond. That “encryption tool” will even display a fake PDF document to really sell the ruse. However, it’s really backdooring a piece of malware called Spica into your device.

Spica will steal cookies from Google Chrome, FireFox, Edge and Opera in order to get your information. Google says it’s been in play since September 2023. However, there are instances of COLDRIVER dating back to 2022.

Google says it’s added all domains, websites and files involved in the attacks to its Safe Browsing service. The company has also notified targeted users that they were at risk of an attack.

 

MORE: HOW CRYPTO IMPOSTERS ARE USING CALENDLY TO INFECT MACS WITH MALWARE 

 

How to protect yourself

1) Don’t download bootleg software: It’s not worth the risk to download bootleg software. It exposes your device to potential security threats, such as viruses and spyware.  If someone emails you a link for a download, make sure it’s from a reputable source and scan it. Downloading software from reputable app stores is definitely the way to go to protect your devices.

2) Don’t click on suspicious links or files: If you encounter a link that looks suspicious, misspelled, or unfamiliar, avoid clicking on it. Instead, consider going directly to the company’s website by manually typing in the web address or searching for it in a trusted search engine. Most often, the first or second result that comes up is legitimate. If you see the word “Sponsored “above the search result, take a beat before clicking it and consider clicking on the result below it.

3) Update your device with software regularly: Regularly updating your device’s software is crucial for security because it ensures that you receive the latest patches, bug fixes, and security enhancements. These updates help protect your device from vulnerabilities and potential threats that could be exploited by malicious actors.

4) Have strong antivirus software: The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams.

One of the top solutions we recommend is Norton Antivirus Plus, which extends protection beyond just traditional virus scanning. While iPhones have strong built-in security, Norton adds an important extra layer by helping block malicious websites, phishing links, and unsafe downloads before they can cause harm. If you accidentally tap a bad link in an email, text message, or social media post, Norton helps prevent access to known dangerous sites using its continuously updated threat intelligence. If you are interested in a strong antivirus with phone customer service, we recommend Norton Antivirus Plus. This product includes:
  • Strong real-time protection against viruses, malware, ransomware and hacking attempts
  • AI-powered scam protection to help identify suspicious emails, texts and websites
  • Built-in password manager to securely store and manage logins
  • 2 GB PC cloud backup to help protect important files from ransomware or hardware failure
  • Smart firewall and phishing protection
COVERAGE
  • Protects 1, 3 or 5 devices
  • Available for Windows, macOS, Android and iOS
  • Includes real-time threat protection, smart firewall and phishing protection to guard against online attacks
EXCLUSIVE CYBERGUY DEAL: 58% off (year 1) Please note that the above product is the core antivirus product. Norton may try to upsell additional products, but we don’t recommend them. We encourage you to decline those offers.

 

 

More from CyberGuy
🎙 Now Streaming
Latest CyberGuy Report podcast episode

Watch the latest episode of The CyberGuy Report.

Watch the latest CyberGuy podcast episode on YouTube
Subscribe: Apple | Spotify | YouTube
📱 Free class recording: Lock down your phone

Missed this event? Sign up via the registration form and see our live recording.

🛒 This week’s top Amazon deals

See Kurt’s latest Amazon picks for useful gadgets, smart home upgrades and everyday tech worth grabbing while the deals last.

×

Latest CyberGuy Report podcast episode

MORE: HOW HACKERS ARE EXPLOITING WINDOWS SMARTSCREEN VULNERABILITY TO SPREAD MALWARE 

 

 

What to do if you’ve been hacked

If it has already happened and you’ve been hacked, then you should take immediate action to minimize the damage and secure your device. Here are some steps that you can follow:

 

Change your passwords

If hackers have recorded your passwords, they could access your online accounts and steal your data or money. ON ANOTHER DEVICE (i.e., your laptop or desktop), you should change your passwords for all your important accounts, such as email, banking, social media, etc. You want to do this on another device so the hacker isn’t’ recording you setting up your new password on your hacked device. And you should also use strong and unique passwords that are hard to guess or crack. You can also use a password manager to generate and store your passwords securely.

 

Enable two-factor authentication

You’ll want to activate two-factor authentication for an extra layer of security.

 

Monitor your accounts and transactions

You should check your online accounts and transactions regularly for any suspicious or unauthorized activity. If you notice anything unusual, report it to the service provider or the authorities as soon as possible. You should also review your credit reports and scores to see if there are any signs of identity theft or fraud.

Use identity theft protection

Identity Theft protection companies can monitor personal information like your home title, Social Security Number (SSN), phone number, and email address and alert you if it is being used to open an account.  They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

One of the best parts of my top pick, Aura: Identity Theft Protection, is its all-in-one approach to safeguarding your personal and financial life. Aura includes identity theft insurance of up to $1 million per adult to cover eligible losses and legal fees, plus 24/7 U.S.-based fraud resolution support with dedicated case managers ready to help restore your identity fast.

Exclusive CyberGuy deal: Save up to 68% today: Get Aura’s award-winning identity theft protection and credit monitoring for as low as $9/month when billed annually.

 

Contact your bank and credit card companies

If hackers have obtained your bank or credit card information, they could use it to make purchases or withdrawals without your consent. You should contact your bank and credit card companies and inform them of the situation. They can help you freeze or cancel your cards, dispute any fraudulent charges, and issue new cards for you.

 

Alert your contacts

If hackers have accessed your email or social media accounts, they could use them to send spam or phishing messages to your contacts. They could also impersonate you and ask for money or personal information. You should alert your contacts and warn them not to open or respond to any messages from you that seem suspicious or unusual.

 

MORE: STEALTHY BACKDOOR MAC MALWARE THAT CAN WIPE OUT YOUR FILES 

 

Kurt’s key takeaways

Hackers will also look for ways to get into your device. It’s your job to make sure you stay on top of your security and browse the web safely. That includes being cautious of what you’re downloading. Even if you receive a file from a trusted contact, you should do your due diligence.

Are you worried about more attacks from groups like COLDRIVER? How do you protect yourself? We want to hear your thoughts in the comments below.

FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

 

 

Copyright 2025 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.

image_printPrint this article

   
 
 
🎙 Now Streaming: My New Podcast: The CyberGuy Report

   


 

Kurt’s Top Deals

Deals move fast and inventory can be limited, so don’t wait too long.

🔥 Editor’s pick
Summer entertaining
Ninja SLUSHi Machine
(26% off)
Frozen drinks and slushies at home in minutes.
 
Patriotic pick
American Flag
(19% off)
Heavyweight outdoor American flag.
💰 Top deal
Outdoor essential
TYPEC Solar Bug Zapper
(36% off)
Solar-powered bug zappers for patios and camping.
 
Car tech
ROVE R3 Dash Cam
(33% off)
Front, rear and cabin camera coverage.

Leave a Comment

Free newsletter

Get my free CyberGuy Report

Get my latest tech news, security alerts, tips and deals delivered straight to your inbox.

No spam. No sharing your email. Ever.

🎁

Bonus: Get my FREE Ultimate Scam Survival Guide instantly when you sign up.

By signing up, you agree to our Terms of Service and Privacy Policy . You may unsubscribe at any time.

Tips to avoid our newsletters going to your junk folder