According to the research by Microsoft, attackers are currently spoofing legitimate organisations in the aviation, travel, or cargo industries to trick email users into launching the malware-laced PDF.
This type of RAT is designed to steal a myriad of information. Login credentials, including usernames and passwords for your online accounts, anything that has been stored in the clipboard (the tool that enables you to copy-and-paste text, images, apps, and more across the operating system), as well as images from your webcam. If these stolen details don’t directly allow the cybercriminals to earn a profit (a password to your online banking is a pretty quick way to make a buck or two) then the data can be used to blackmail users into paying up.
It’s gruesome stuff, but unfortunately, these types of cyber attacks are becoming more common.
Worse still, you don’t even have to download the problematic PDF to fall victim to this type of attack. As Microsoft warns, it can only take one person in a sprawling multinational company to fall foul of this scam before the malware spreads across the business’s entire IT network. So, you could be working at home, blissfully unaware that one of your colleagues has fallen for the scam, only for hackers to have access to your webcam.
Ensuring that you use a uniquely generated password for every online account is a good way to shield yourself. That way, should hackers gain access to one of your login credentials – they won’t be able to use the same email-password combination to unlock every single account in your name. Never download any unsolicited files that you’re not sure about. And don’t be afraid to talk to your IT team if you’re suspicious of something.
If you’re running Windows 10, Microsoft has included an application called Windows Sandbox. This creates a standalone, virtual version of Windows 10 that’s separated from your files, applications, and data. Launching this app, pasting the file you’re concerned about onto the blank desktop, and opening it within Windows Sandbox can be a good way to vet a dodgy file.
This post originally appeared on Daily Express :: Life and Style Feed