Fake Adobe Acrobat Reader Installers Spreading Byakugan Malware

Published:

spot_img

The cybersecurity world is abuzz with the emergence of a new multi-functional malware called Byakugan, which is being distributed through fake installers for Adobe Acrobat Reader. The attack begins with a deceptive PDF file in Portuguese that prompts the victim to download the Reader application to view the content. Once the victim clicks on the link, an installer named “Reader_Install_Setup.exe” is activated, initiating the infection sequence.

Byakugan utilizes sophisticated techniques like DLL hijacking and Windows User Access Control (UAC) bypass to load a malicious DLL file, leading to the deployment of the final payload. This malware is equipped to gather system metadata, capture screenshots, log keystrokes, download cryptocurrency miners, and extract data from web browsers. Security researcher Pei Han Liao notes that Byakugan is a node.js-based malware packed into its executable.

The discovery of Byakugan comes in the wake of revelations about a campaign spreading the Rhadamanthys information stealer disguised as a groupware installer and the use of a manipulated version of Notepad++ to distribute the WikiLoader malware. These incidents underscore the growing trend of threat actors incorporating both clean and malicious components in malware to evade detection.

As cybersecurity experts continue to unravel the complexities of Byakugan and other emerging threats, vigilance in safeguarding systems and data against malicious actors becomes paramount. Stay tuned for more updates on this evolving landscape of cyber threats.

spot_img

Related articles

Recent articles

UAE, Bahrain, and Oman Evacuate Citizens from Iran as Over 20 Nations, Including India, China, and the US, Enhance Repatriation Efforts

Regional Evacuations Amid Escalating Tensions in Iran In recent days, countries such as the UAE, Bahrain, and Oman have ramped up their efforts to repatriate...

Iran’s Leading Crypto Exchange Targeted in Predatory Sparrow Hack

Cyber Attack on Nobitex: Unpacking the Recent Breach Nobitex, recognized as one of the largest cryptocurrency exchanges in Iran, recently faced a significant cybersecurity incident...

Your Passwords May Be Compromised and Sold on the Dark Web

Understanding the Dark Web and the Risks of Data Breaches The Hidden Dangers of Online Security In today’s digital landscape, protecting personal information feels more crucial...

16 Billion Credentials Exposed in Major Data Breach: Cybercriminals on the Rise

A Wake-Up Call: 16 Billion Credentials Exposed in Historic Data Breach The Evolving Threat Landscape In an age where digital connections are indispensable, the threats lurking...