"How Attackers Deliver Malware to Foxit PDF Reader Users"

According to Check Point researchers, threat actors are exploiting Foxit PDF Reader's flawed alerts to deliver malware via booby-trapped PDFs. The researchers analyzed several campaigns involving malicious PDF files targeting Foxit Reader users. The attackers use various .NET and Python exploit builders, with the "PDF Exploit Builder" being the most popular. They create PDF documents with macros that execute commands/scripts. These download and execute "Agent Tesla," "Remcon RAT," "Xworm," "NanoCore RAT," and other malware. This article continues to discuss the delivery of malware to Foxit PDF Reader users. 

Help Net Security reports "How Attackers Deliver Malware to Foxit PDF Reader Users"

Submitted by grigby1

Submitted by Gregory Rigby on