Fake Adobe Acrobat Reader Installers Spreading Byakugan Malware

Published:

spot_img

The cybersecurity world is abuzz with the emergence of a new multi-functional malware called Byakugan, which is being distributed through fake installers for Adobe Acrobat Reader. The attack begins with a deceptive PDF file in Portuguese that prompts the victim to download the Reader application to view the content. Once the victim clicks on the link, an installer named “Reader_Install_Setup.exe” is activated, initiating the infection sequence.

Byakugan utilizes sophisticated techniques like DLL hijacking and Windows User Access Control (UAC) bypass to load a malicious DLL file, leading to the deployment of the final payload. This malware is equipped to gather system metadata, capture screenshots, log keystrokes, download cryptocurrency miners, and extract data from web browsers. Security researcher Pei Han Liao notes that Byakugan is a node.js-based malware packed into its executable.

The discovery of Byakugan comes in the wake of revelations about a campaign spreading the Rhadamanthys information stealer disguised as a groupware installer and the use of a manipulated version of Notepad++ to distribute the WikiLoader malware. These incidents underscore the growing trend of threat actors incorporating both clean and malicious components in malware to evade detection.

As cybersecurity experts continue to unravel the complexities of Byakugan and other emerging threats, vigilance in safeguarding systems and data against malicious actors becomes paramount. Stay tuned for more updates on this evolving landscape of cyber threats.

spot_img

Related articles

Recent articles

APT41 Targets Google Calendar for Malware Control Operations

APT41’s Innovative Malware Tactics Exposed On May 29, 2025, Google reported a significant cybersecurity breach linked to the Chinese state-sponsored group known as APT41. This...

NVIDIA Hosts Exciting Launch Event for ‘DOOM: The Dark Ages’

NVIDIA Celebrates a Landmark Launch: DOOM: The Dark Ages RTX ON In a vibrant event that mingled technology with gaming culture, NVIDIA recently unveiled DOOM:...

Kaspersky Unveils Dark Web Threats Facing Brazilian Businesses

Rising Dark Web Threats to Brazilian Organizations A recent report by Kaspersky’s Digital Footprint Intelligence (DFI) team highlights a concerning trend for Brazilian organizations regarding...

Critical Linux Vulnerabilities Enable Password Hash Theft in Ubuntu, RHEL, and Fedora

May 31, 2025Ravie LakshmananVulnerability / Linux New Vulnerabilities Uncovered in Linux Systems Two significant information disclosure vulnerabilities have...