Fake Adobe Acrobat Reader Installers Spreading Byakugan Malware

Published:

spot_img

The cybersecurity world is abuzz with the emergence of a new multi-functional malware called Byakugan, which is being distributed through fake installers for Adobe Acrobat Reader. The attack begins with a deceptive PDF file in Portuguese that prompts the victim to download the Reader application to view the content. Once the victim clicks on the link, an installer named “Reader_Install_Setup.exe” is activated, initiating the infection sequence.

Byakugan utilizes sophisticated techniques like DLL hijacking and Windows User Access Control (UAC) bypass to load a malicious DLL file, leading to the deployment of the final payload. This malware is equipped to gather system metadata, capture screenshots, log keystrokes, download cryptocurrency miners, and extract data from web browsers. Security researcher Pei Han Liao notes that Byakugan is a node.js-based malware packed into its executable.

The discovery of Byakugan comes in the wake of revelations about a campaign spreading the Rhadamanthys information stealer disguised as a groupware installer and the use of a manipulated version of Notepad++ to distribute the WikiLoader malware. These incidents underscore the growing trend of threat actors incorporating both clean and malicious components in malware to evade detection.

As cybersecurity experts continue to unravel the complexities of Byakugan and other emerging threats, vigilance in safeguarding systems and data against malicious actors becomes paramount. Stay tuned for more updates on this evolving landscape of cyber threats.

spot_img

Related articles

Recent articles

Cyber Attack Contributes to UK Patient’s Death

Cyber Attack Linked to Patient Death in the UK In a deeply concerning incident, UK health officials have reported that the death of a patient...

UNHCR Commends Mali’s Groundbreaking Law for Stateless Individuals

Mali's Landmark Law on Statelessness: A New Era for Rights Protection Introduction to the Legislation The United Nations High Commissioner for Refugees (UNHCR) has praised Mali's...

Remote Access Attacks Targeting SonicWall NetExtender and ConnectWise Vulnerabilities

Cybersecurity Alert: Trojanized SonicWall VPN Software Discovered As remote work continues to thrive, so does the potential for cyber threats, particularly those targeting VPN software....

Discover How to Buy and Sell Leaked Information Without the Dark Web

The Rising Threat of Data Breaches: Insights from Stylian Security In today’s digital world, the threat of data breaches is ever-present, as highlighted by a...