Byakugan Malware Strikes Via Fake Adobe Installers, Evades Detection
April 6, 2024
A new malware, Byakugan, is spreading through fake Adobe Acrobat Reader installers.
Victims are tricked into downloading a malicious PDF file that suggests they need the Reader, initiating the malware installation.
Byakugan employs DLL hijacking and bypasses Windows User Account Control (UAC) to execute a harmful DLL while appearing to install a legitimate PDF reader.
The malware has extensive capabilities, including system data exfiltration, screenshot capture, and keystroke logging.
Separately, Rhadamanthys malware is masquerading as groupware installers, and WikiLoader is being spread via altered Notepad++.
These sophisticated threats, which blend legitimate and malicious software, challenge conventional detection methods and underscore the importance of advanced endpoint security.
Summary based on 1 source
Source
The Hacker News • Apr 5, 2024
From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware