PDFs Weaponized to Drop Remote Access Trojan via Malicious JavaScript

Security researchers observed a new phishing campaign that distributes seemingly benign PDF documents. When opened, the PDFs execute embedded JavaScript that silently contacts a malicious server, downloads a payload, and installs a remote‑access trojan (RAT) on the victim’s machine. The infection chain leverages legitimate PDF reader features, bypasses many sandbox checks, and establishes persistence through scheduled tasks.

The RAT connects to a fast‑flux command‑and‑control infrastructure, enabling attackers to exfiltrate data, move laterally, and deploy additional malware. Defenders should prioritize PDF inspection, enforce script‑blocking policies in document viewers, and monitor outbound traffic for the identified C2 domains and binaries. Early detection can prevent full compromise and limit the attacker’s foothold.
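For the PDF inspection step, a triage pass can flag documents that combine a script action with an auto-run trigger before they reach a viewer. The sketch below is an added example, not code from the original article or the researchers; the key names come from the PDF specification, the function names are hypothetical, and the sample documents are constructed.

```python
import re
import zlib

# PDF name keys relevant to script execution on open (from the PDF specification).
SCRIPT_KEYS = {"JS", "JavaScript"}
TRIGGER_KEYS = {"OpenAction", "AA", "Launch"}

NAME_RE = re.compile(rb"/([^\s/<>\[\]()%{}]+)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)


def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes, so /J#61vaScript is read as JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def inflate_streams(data: bytes):
    """Yield contents of Flate-compressed streams (object streams can hide keys)."""
    for m in STREAM_RE.finditer(data):
        try:
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not Flate, or encrypted; skipped by this triage pass


def triage_pdf(data: bytes) -> dict:
    """Report script and auto-run keys found in raw and inflated PDF content."""
    found = set()
    for blob in [data, *inflate_streams(data)]:
        found.update(decode_name(n) for n in NAME_RE.findall(blob))
    scripts = sorted(found & SCRIPT_KEYS)
    triggers = sorted(found & TRIGGER_KEYS)
    return {"script_keys": scripts, "trigger_keys": triggers,
            "quarantine": bool(scripts and triggers)}


# Constructed samples: an open action pointing at an escaped script name, and a plain catalog.
SAMPLE = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
          b"2 0 obj\n<< /S /J#61vaScript /JS (app.alert\\(1\\);) >>\nendobj\n")
BENIGN = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    print(triage_pdf(SAMPLE))
    print(triage_pdf(BENIGN))
```

Encrypted documents and streams using filters other than Flate are not decoded here, so a clean result from this pass is not proof that a file carries no script.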

Categories: Malware & Ransomware, Vulnerabilities & Exploits, AI Security & Threats