A new wave of cyberattacks is sweeping across digital infrastructures globally, leveraging weaponised PDF invoices to infiltrate systems with a sophisticated Java-based Remote Access Trojan (RAT). Security researchers from Fortinet have identified a multi-stage, evasive malware campaign targeting Windows, Linux, and macOS devices, exploiting the cross-platform capabilities of Java to establish remote control over compromised machines.
The attack chain begins with phishing emails that appear to contain legitimate invoice attachments. These emails pass domain authentication checks—such as SPF validation—by misusing the serviciodecorreo.es mail service, which is permitted to send messages on behalf of numerous domains. The attached PDF lures recipients with urgent invoice-related messaging, prompting them to click embedded buttons that lead to the next stage of infection.
Once a user interacts with the PDF, they are redirected to a Dropbox-hosted HTML file titled “Fattura”—the Italian word for “invoice.” This file prompts a basic CAPTCHA check before further redirecting the victim to a URL generated by Ngrok, a legitimate tunneling service often abused to conceal malicious activity.
What makes this campaign particularly difficult to detect is its use of geolocation filtering. Depending on the user’s IP address, the final content differs: users located in Italy receive a Java Archive (JAR) file
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: