A new malware, Byakugan, is spreading through fake Adobe Acrobat Reader installers.

Victims are tricked into downloading a malicious PDF file that suggests they need the Reader, initiating the malware installation.

Byakugan employs DLL hijacking and bypasses Windows User Access Control to execute a harmful DLL while appearing to install a legitimate PDF reader.

The malware has extensive capabilities, including system data exfiltration, screenshot capture, and keystroke logging.

Separately, Rhadamanthys malware is masquerading as groupware installers, and WikiLoader is being spread via altered Notepad++.

These sophisticated threats, which blend legitimate with malicious software, are challenging conventional detection methods, signifying the importance of advanced endpoint security.