Russian Hackers Disguise Malware as PDF Tools to Steal Data
- Russian-backed hackers are sending malware disguised as PDF encryption tools to steal information. The malware, called Spica, steals browser cookies.
- The attacks start with an encrypted PDF sent to victims. When victims say they can't open it, hackers send a fake "decryption tool" that installs malware.
- Google says these attacks from the group Coldriver have been occurring since at least September 2022. The malware backdoors devices to steal cookies and data.
- To protect yourself, don't download bootleg software, don't click suspicious links/files, keep devices updated, use antivirus software, and enable two-factor authentication where possible.
- If you've been hacked, you should change passwords, enable two-factor authentication, monitor accounts for unauthorized activity, consider identity theft protection services, and contact banks/credit card companies.