Hacker attacks via Adobe Acrobat Sign on Youtubers, with ransomware and other Trojans


We are used to receiving emails with malicious links every day, but it is easy to identify them, so they do not represent much danger.

Often it is enough to look at the sender to see that the email comes from a suspicious domain, which is why most of them fall directly into spam.

Things change when the email arrives from a prestigious domain, such as Adobe's, sent through its digital signature platform.

That is what has been happening in recent days: an attack directed at Youtubers that begins with an email like the one shown in the screenshot below, offering a document to be signed, a document that talks about an alleged copyright infringement in a posted video.

[Image: virus youtubers]

Although YouTube manages these infringements indirectly, with a specific section for notices and requests to remove content, suspicion grows in the Youtuber, who will surely click on the Adobe link because, after all, it is Adobe.

The document usually has the following format:

[Image: virus youtubers]

That is where the malicious link is: in that document hosted by Adobe, with the signature field included, although the attackers have also used dochub.com to host the malicious documents.

Both Adobe and dochub are removing these documents from their systems, since they contain a request to download a .zip file where the real virus is found:

[Image: virus youtubers]

They are not documents; they are executables that, when analyzed with VirusTotal, show their true nature:

[Image: virus youtubers]

Windows detects it as a threat too, of course:

[Image: virus youtubers]

Among them is Trojan:W32/GenInflated.B, a Trojan that hijacks the computer and demands payment to ransom the information. Ransomware, wow.
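Since the downloaded .zip holds executables rather than documents, the archive can be triaged before anything in it is opened. The following is an added example, not code from the original article: it reads each entry's first bytes and flags Windows executables (the `MZ` header) and document-looking names with an executable extension. The entry names, the extension lists and the double-extension naming are assumptions made for illustration, and the sample archive is constructed in memory.

```python
import io
import zipfile

# Extensions Windows will run directly; a document lure should never carry one (assumed list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".msi", ".lnk"}
# Extensions a "copyright notice" would plausibly claim to be (assumed list).
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".rtf", ".txt"}


def triage_zip(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, reason) for each archive member that is not a plain document."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            parts = name.lower().rsplit("/", 1)[-1].split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            inner = "." + parts[-2] if len(parts) > 2 else ""
            if info.flag_bits & 0x1:
                findings.append((name, "encrypted entry, content cannot be inspected"))
                continue
            with zf.open(info) as fh:
                magic = fh.read(2)
            if magic == b"MZ":
                # DOS/PE header: a Windows executable whatever the name says.
                findings.append((name, "PE executable header (MZ)"))
            elif ext in EXECUTABLE_EXTS:
                findings.append((name, f"executable extension {ext}"))
            if inner in DOCUMENT_EXTS and ext in EXECUTABLE_EXTS:
                findings.append((name, f"double extension {inner}{ext}"))
    return findings


def build_sample() -> bytes:
    """Constructed sample: one harmless text file and two fake 'executables' (MZ stub only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample, harmless")
        zf.writestr("Copyright_Claim.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("Evidence.pdf", b"MZ" + b"\x00" * 62)  # executable content, document name
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in triage_zip(build_sample()):
        print(f"{name}: {reason}")
```

Any finding is a reason to leave the archive unextracted and submit it for analysis instead of opening it.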
