Ransomware attackers have deployed a new stealthy backdoor dubbed PDFSider against a Fortune 100 financial institution. The infection chain typically begins with social engineering, where attackers impersonate technical support to trick employees into installing remote access tools like Microsoft's Quick Assist. This initial access allows threat actors to deliver malicious payloads while bypassing standard security prompts.
Once established, the malware uses DLL side-loading: a legitimate, digitally signed executable from the PDF24 Creator tool is abused to load a malicious DLL. PDFSider is designed for long-term persistence, operating primarily in memory to minimize disk artifacts while using DNS tunneling for data exfiltration and command-and-control communications. Researchers note that the malware's sophisticated encryption and anti-analysis mechanisms align more with APT tradecraft than with typical financially motivated malware.
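The DNS tunneling described above leaves a characteristic footprint in resolver logs: many distinct, long, high-entropy subdomains under one registrable domain, often as TXT or NULL queries. The following is an added detection example, not code from the article or from the researchers who analysed PDFSider. The log line format, the constructed sample traffic, the placeholder domain c2-placeholder.test, and the thresholds are all assumptions made for this example.

```python
"""Heuristic detection of DNS tunnelling in DNS query logs.

Added example. The log format and thresholds below are assumptions for
illustration, not details taken from the PDFSider report.
"""
import hashlib
import math
import re
from collections import defaultdict

# Assumed log line format: "<timestamp> <client_ip> <qtype> <qname>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(A|AAAA|TXT|CNAME|MX|NULL)\s+(\S+)$")


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character of `text` (0.0 for empty input)."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def registrable_domain(qname: str) -> str:
    """Last two labels of the name. A real deployment should consult the
    Public Suffix List; taking two labels is a simplification for this example."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def parse_dns_log(text: str):
    """Yield (client_ip, qtype, qname) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(2), m.group(3), m.group(4).rstrip(".").lower()


def domain_features(records):
    """Per registrable domain: distinct subdomain prefixes, total query count,
    and the number of TXT/NULL queries (record types commonly abused for tunnelling)."""
    feats = defaultdict(lambda: {"subs": set(), "queries": 0, "txt_null": 0})
    for _client, qtype, qname in records:
        dom = registrable_domain(qname)
        prefix = qname[: -len(dom)].rstrip(".")  # everything left of the domain
        f = feats[dom]
        f["subs"].add(prefix)
        f["queries"] += 1
        if qtype in ("TXT", "NULL"):
            f["txt_null"] += 1
    return feats


def flag_tunnelling(records, min_unique=5, min_len=30, min_entropy=3.2):
    """Return the sorted list of domains whose distinct subdomain prefixes are
    numerous, long and high-entropy: the signature of data encoded into query
    names. Thresholds are assumed starting points and need tuning per network."""
    flagged = []
    for dom, f in domain_features(records).items():
        subs = [s.replace(".", "") for s in f["subs"] if s]
        if len(subs) < min_unique:
            continue
        avg_len = sum(len(s) for s in subs) / len(subs)
        avg_ent = sum(shannon_entropy(s) for s in subs) / len(subs)
        if avg_len >= min_len and avg_ent >= min_entropy:
            flagged.append(dom)
    return sorted(flagged)


def build_sample_log() -> str:
    """Constructed sample, not real traffic: a few benign lookups plus a burst
    of hex-encoded TXT queries to a placeholder domain."""
    lines = [
        "2024-05-01T10:00:01 10.1.2.3 A www.example.com",
        "2024-05-01T10:00:02 10.1.2.3 A mail.example.com",
        "2024-05-01T10:00:03 10.1.2.3 AAAA cdn.example.com",
        "2024-05-01T10:00:04 10.1.2.3 A www.example.com",
    ]
    for i in range(8):
        # Deterministic stand-in for encoded exfiltration chunks (64 hex chars).
        chunk = hashlib.sha256(f"chunk-{i}".encode()).hexdigest()
        qname = f"{chunk[:32]}.{chunk[32:]}.c2-placeholder.test"
        lines.append(f"2024-05-01T10:01:{i:02d} 10.1.2.3 TXT {qname}")
    return "\n".join(lines)


if __name__ == "__main__":
    records = list(parse_dns_log(build_sample_log()))
    print("Suspected tunnelling domains:", flag_tunnelling(records))
```

Run on the constructed sample, the benign example.com lookups fall below the unique-subdomain floor and are ignored, while the placeholder domain is flagged because its eight query names are 64-character, near-uniform hex strings. In production, feed the parser real resolver or Zeek dns.log output, add a per-client time window so bursts stand out, and whitelist known high-cardinality services (CDNs, anti-spam lookups) that otherwise trigger the same heuristic.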