Kaspersky Reveals Dangerous Malware that Disguises as a PDF E-Book

JAKARTA - Kaspersky's Global Research and Analysis Team (GReAT) has uncovered a malware-as-a-service campaign targeting ebook readers in several countries including Turkey, Egypt, Bangladesh, and Germany.

In this campaign, the perpetrator disguised advanced malware into a disguised best-selling PDF ebook in Turkish and Arabic, one of which is "The Thirty-Nine Steps" by John Buchan.

So, when users download and open these fake books, the malware will spread infostealer, which will steal stored passwords, cookies, autofill information, and browsing history from Chrome, Edge, Firefox, and other browsers.

Not only that, Kaspersky also found that cybercriminals can steal cryptocurrency wallet extensions, configuration files, storage data, cloud credentials, hardware specifications, installed software, and running processes.

Kaspersky telemetry shows high infection rates in Turkey, Bangladesh, Egypt, and Germany, affecting government agencies, educational institutions, IT services, and other sectors.

"What makes this campaign so worrying is the use of a malware-as-a-service model combined with highly targeted social engineering," said Yossef Abdelmonem, Senior Security Researcher at Kaspersky GReAT.

Kaspersky advises organizations to be on high alert as stolen developer tokens and cloud credentials can give attackers deep access to corporate infrastructure.

Kaspersky also recommends users to verify the source of the ebook before downloading, carefully check the file properties, and update security software that is capable of detecting hard-to-detect malware techniques.