Malware Campaign Targets Crypto Wallets With Fake PDF Conversion Software
A new malware campaign uses fake PDF-to-DOCX converters to deliver malicious PowerShell commands, threatening crypto wallets. Cybersecurity firm CloudSEK's investigation revealed that users are deceived into executing these commands, which install Arechclient2 malware, part of the SectopRAT family known for information theft. The malicious websites mimic legitimate services, such as PDFCandy, and use loading bars and CAPTCHA prompts to create an illusion of safety. Once users download an 'adobe.zip' file, their devices are exposed to a Remote Access Trojan that actively steals sensitive information, including browser credentials and cryptocurrency wallet data. The malware can check extension stores, extract seed phrases, and exploit Web3 APIs to empty assets post-approval. Experts advise using reliable antivirus solutions and recommend trusted, official file conversion tools instead of dubious free online converters. Continuous updates to defense strategies and a vigilant approach to cybersecurity are necessary to combat these evolving threats.