Cyber: New Pdfsider Windows Malware Deployed On Fortune 100 Firm's Network

Ransomware attackers targeting a Fortune 100 company in the finance sector used a new malware strain, dubbed PDFSider, to deliver malicious payloads on Windows systems.

The attackers used social engineering to gain remote access, impersonating technical support workers to trick company employees into installing Microsoft's Quick Assist tool.

Researchers at cybersecurity company Resecurity found PDFSider during an incident response and describe it as a stealthy backdoor for long-term access, noting that it shows "characteristics commonly associated with APT tradecraft."

A Resecurity spokesperson told BleepingComputer that PDFSider has been seen deployed in Qilin ransomware attacks, but the company's threat hunting team notes that the backdoor is already "actively used" by multiple ransomware actors to launch their payloads.

The PDFSider backdoor is delivered via spearphishing emails that carry a ZIP archive with a legitimate, digitally signed executable for the PDF24 Creator tool from Miron Geek Software GmbH. However, the package also includes a malicious version of a DLL (cryptbase.dll), which the application requires to function properly.

When the executable runs, it loads the attacker's DLL, a technique known as DLL side-loading, giving the attacker code execution on the system.

In other cases, the attacker attempts to trick email recipients into launching the malicious file by using decoy documents that appear to be tailored to the targets. In one example, they used a Chinese government entity as the author.

Once launched, the DLL runs with the rights of the executable that loaded it.
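Added example, not code from the article or from Resecurity: a small hunt script for the layout described above, a system-named DLL such as cryptbase.dll sitting beside an application executable outside System32 and differing from the genuine system copy. The directory tree it scans is constructed inline, and the DLL name list and folder names are assumptions for the demo.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# DLLs an application should normally resolve from System32; a same-named copy
# beside an application EXE is the classic side-loading setup (assumed list).
SYSTEM_DLL_NAMES = {"cryptbase.dll", "version.dll", "dwmapi.dll", "wtsapi32.dll"}

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def find_sideload_candidates(root, system_dir):
    """Return (folder, dll_path, reason) for each folder under root holding an .exe
    plus a system-named DLL that differs from, or is missing in, system_dir."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        lower = {f.lower(): f for f in filenames}
        if not any(f.endswith(".exe") for f in lower):
            continue
        for name in SYSTEM_DLL_NAMES & set(lower):
            local = Path(dirpath) / lower[name]
            system_copy = Path(system_dir) / name
            if not system_copy.exists():
                reason = "no system copy to compare against"
            elif sha256_of(local) != sha256_of(system_copy):
                reason = "hash differs from system copy"
            else:
                continue  # byte-identical to the system DLL; not a tampered copy
            findings.append((dirpath, str(local), reason))
    return findings

def put(path, data):
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)

def build_demo_tree(base):
    """Constructed sample: a fake System32, a PDF24-style download folder carrying
    a tampered cryptbase.dll, and a clean app shipping a byte-identical copy."""
    base = Path(base)
    put(base / "System32" / "cryptbase.dll", b"MZ benign cryptbase")
    put(base / "Downloads" / "pdf24" / "pdf24-Creator.exe", b"MZ signed installer")
    put(base / "Downloads" / "pdf24" / "cryptbase.dll", b"MZ attacker payload")
    put(base / "Program Files" / "clean" / "clean.exe", b"MZ clean app")
    put(base / "Program Files" / "clean" / "cryptbase.dll", b"MZ benign cryptbase")
    return str(base / "System32")

def run_demo():
    # Build the constructed tree in a temp dir and return only the flagged folders.
    with tempfile.TemporaryDirectory() as tmp:
        return find_sideload_candidates(tmp, build_demo_tree(tmp))
```

On a real host, point `find_sideload_candidates` at user-writable locations such as Downloads and Temp and at the actual System32 path; a flagged DLL is a triage lead, not proof of compromise.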

"The EXE file has a legitimate signature; however, the PDF24 software has vulnerabilities that attackers were able to exploit to load this malware and bypass EDR systems effectively," Resecurity explains.

According to the researchers, finding vulnerable software that can be exploited is becoming easier for cybercriminals, due to the rise of AI-powered coding.

Source: BleepingComputer